This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

HA Failover Issue on PA-3420 with AE LACP – Both Nodes Active (Split Brain ?)

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

HA Failover Issue on PA-3420 with AE LACP – Both Nodes Active (Split Brain ?)

romen54
L0 Member

‎05-13-2025 11:57 PM - last edited on ‎05-15-2025 05:09 AM by

We’re experiencing a critical issue with our HA setup on a pair of Palo Alto PA‑3420 firewalls running PAN‑OS 11.1.6‑h3 in Active‑Passive mode (HA Group 25, preemptive disabled). Both firewalls simultaneously believed they were active, causing a complete traffic halt and requiring a manual reboot of the actual active node to restore service. We suspect the problem is tied to our LACP configuration on AE-group ae1 (aggregating Ethernet1/13–16 with LACP in fast mode). Logs indicate that interfaces were being moved out of the AE-group due to link down events, and there were HA sync issues (Can't synchronize control plane data). We’ve verified cabling, switch configuration, and LACP status (ports show collecting/distributing when stable). Our HA settings and IPs are correctly matched, and we’re using a PSK for HA communication. We’re looking for guidance on how to stabilize LACP and prevent AE-group flapping from affecting HA, whether there are known bugs in PAN-OS 11.1.6-h3 related to HA or LACP, and any best practices to ensure HA state remains consistent during link transitions. Any insights or suggestions would be greatly appreciated.

0 Likes Likes
2 REPLIES 2

SutareMayur
L7 Applicator

‎05-15-2025 06:21 AM

Hi @romen54 Did you checked this article? This will help to check all the causes and resolutions of Split-Brain situation. 

M

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks

BPry
Cyber Elite
Cyber Elite

‎05-15-2025 09:58 AM

@romen54,

Did this start out of the blue or after you applied 11.1.6-h3? I've had multiple instances where recent PAN-OS releases have caused a split-brain scenario and reverting has immediately resolved the issue across multiple different models in active/passive setups.

 

As for the LACP issue causing a split-brain scenario, I think your LACP issues are more than likely a consequence of your split-brain scenario than the issue causing your split-brain scenario. Do you have HA1/HA2 directly connected between the two units or are you passing it through a switch? If you're passing it through a switch, is it the same one handling your aggregates?

  • 469 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks