06-12-2021 12:23 AM
I've a pair of PA-220 configured as cluster. After power off - on HA is down. But I can connect to both firewalls via https & ssh.
Active fw1 shows that HA ports 7 & 8 are down (red in GUI). On passive firewall fw2 all ports are grey.
But the real strange thing is, when looking into running-config (CLI), on active fw1 all the HA config is missing.
On passive (ok, not really passive, because HA is down) fw2 all the HA config in running-config is shown (CLI).
But when I enter the command "show high-availability state" fw2 shows "HA not enabled".
And "show interface all" gives me an error.
For me it would make sense, if fw1 would show this error, because of missing part in running-config.
Connections are working, I can reach all the stuff behind the firewall.
user@fw2> show high-availability state
HA not enabled
user@fw2> show interface all
Server error : An error occured. See dagger.log for information.
user@fw1(active)> show high-availability state
Group 1:
Mode: Active-Passive
Local Information:
Version: 1
Mode: Active-Passive
State: active (last 4 days)
user@fw1(active)> show interface all
total configured hardware interfaces: 9
name id speed/duplex/state mac address
--------------------------------------------------------------------------------
ethernet1/2 17 1000/full/up 00:1b:17:
ethernet1/3 18 1000/full/up 00:1b:17:
ethernet1/5 20 1000/full/up 00:1b:17:
ethernet1/7 22 ukn/ukn/down(autoneg) 34:e5:ec:
ethernet1/8 23 ukn/ukn/down(autoneg) 34:e5:ec:
Is there a change to bring up the HA from remote (site is far, far away) with only minimum interrupt (reboot)?
Thanks.
06-12-2021 09:01 PM
I agree with @aleksandar.astardzhiev that this is likely a hardware issue, but since you're also getting server errors it could also easily be a software issue that can be resolved with a reload of the firewall.
I would however actually caution against reloading either firewall until you have someone on-site that can actually troubleshoot what is going on. The reason for this is simply that restarting the fw2 and/or fw1 while something is in this sort of state could actually cause a split-brain situation. Since the network is "functional" and this isn't actively causing any issues outside of the lose of HA, I wouldn't want to introduce something that actually ends up effecting traffic by attempting to fix the issue until I'm on-site with the hardware.
06-12-2021 12:42 PM
Hi @ChrisCon ,
It sound like hardware issue for me...Have you tried to power cycle (reboot) it again?
06-12-2021 03:38 PM
Check System logs in GUI and from CLI
Check below logs
less mp-log ha_agent.log
Also troubleshoot why HA ports are down?
Check Physical connections.
IF HA is enabled on both firewalls then if physical interfaces are up again then your issue should be fixed.
Regards
Regards
Mahesh
06-12-2021 09:01 PM
I agree with @aleksandar.astardzhiev that this is likely a hardware issue, but since you're also getting server errors it could also easily be a software issue that can be resolved with a reload of the firewall.
I would however actually caution against reloading either firewall until you have someone on-site that can actually troubleshoot what is going on. The reason for this is simply that restarting the fw2 and/or fw1 while something is in this sort of state could actually cause a split-brain situation. Since the network is "functional" and this isn't actively causing any issues outside of the lose of HA, I wouldn't want to introduce something that actually ends up effecting traffic by attempting to fix the issue until I'm on-site with the hardware.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
