HA Pair setting is active-active and session-owner is primary-device : why logs on active-secondary fw ?


L1 Bithead

Dear Gurus,

I've the following setup in a production environment :

  • HA Pair setting: active-active (vWire)
  • tla-zone-fw01:
    • HA3 session-owner = primary-device via local configuration (not template)
    • Device priority 50 = active-primary
  • tla-zone-fw02:
    • HA3 session-owner = primary-device via local configuration (not template)
    • Device priority 100 = active-secondary

I understood the following regarding this setup from PAN documentation: Setting Session Owner and Session Setup to Primary Device causes the active-primary firewall to perform all traffic processing. Only the firewall that is the session owner creates a traffic log.

However, I have dissimilar logs on both - whereas I was expecting only on fw01 as the active-primary to treat and log all traffic (fw02 to forward packets to fw01 for treatment), leading me to believe that in fact these are acting in an active-active + first-packet setup, rather than in an active-active + primary-device setup.

The active-active setup is required for fastest fail-over with least risk of losing sessions (high speed transactions network).


What am I missing in the understanding of this setup, please?

Thanks in advance !
