HA issues

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

HA issues

L3 Networker

I have 5060 pair (pan1 and pan2) with 7.1.2 in HA. Whenever pan2 interfaces are up, not shutdown, sooner or later we experience issues. It doesn’t matter if pan2 is active or passive. Could it be h/w ? Config is in sync

5 REPLIES 5

L7 Applicator

In Active/Passive the links will show up on the passive node but no traffic will pass until a failover event.

 

In Active/Active mode the link is up and traffic will pass.

 

If you are sure that traffic is passing a passive node link and there are no failover events in the logs, I would open a case with TAC to investigate.  It would likely be a software bug.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

I have case opened, asking for RMA. If it is s/w bug why issue never happens on pan1 ? Configuration is in sync, and apparanetly same s/w too. Config of ports on the switch is identical.

Just because the same information/configuration is present on identical software doesn't mean that their can't be something wrong with the underlying OS of the firewall. You could have a process that isn't behaving correctly or a kernal that didn't take a software update as expected that could be causing the issue. It's the same on a computer, just because they do the same thing and are the same model doesn't mean that they can't have issues that the other isn't experiancing. 

The nature of the issue makes it far more likely to be a bug in PanOS than a hardware failure.  The HA software is what allows the link to be up but the traffic to no longer be accepted.  Generally for a port hardware level failure we would see input/output errors or a failure to pass traffic at all.  I feel pretty confident that if there is an issue the issue will be a bug in the PanOS and you will need to get either a service release or upgrade to solve the problem.

 

It could also be some configuration issue on the device that simply needs to be adjusted to work properly.

 

Keep us updated on the case.

 

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

L3 Networker

You could try with an active/standby setup and different settings in Device > High Availability > General > Active/Passive settings, maybe, until your ticket is resolved and you can go with the setup you initially wanted to implement. Here you can configure interface behavior on passive member when you are in an active/passive setup. I have 2 HA-pairs, and with our design we have no issues leaving this to auto, but your situation might be a lot different.

 

Schermata 2016-07-31 alle 11.23.39.png

  • 2651 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!