Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

HA Questions

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

HA Questions

Not applicable

Hi all,

I have 2 simple questions:

Q1: proper procedure to physically move the standby firewall PA3020 connected to primary firewall within the same datacenter (need to power off and move)?

Q2: proper procedure to switch the primary to standby and standby to primary firewall?

Thanks a lot!!

Peter   

12 REPLIES 12

L5 Sessionator

1. If the cables are going to get disturbed then yes you should power off the device.

2. From GUI you and suspend the device and the passive will become active at that time. Unless you want passive to be suspended itself.

You can achieve this by going to Device ---> high availability

or you can do this from CLI

request high-availability state suspend

request high-availability state functional

Hope that helps.

Thanks

Numan

Not applicable

Thanks! Still not very clear:

Q1. I need to physically move the standby firewall, so should I:

a - suspend standby FW (optional?)

b -  power off standby FW

c - move standby FW

d - power up standby FW

e - re-connect with primary firewall

f - unsuspend standby FW


My fear is that the standby firewall will become active if it believes the primary is down if the move is not executed properly: both active and secondary will be up.  

L4 Transporter

Hi,

If you suspend the standby unit and power it down and move it and then power it back up it will become functional upon the reboot. If your Current Active unit has lower priority then the standby unit then the standby should come up as standby(Passive).

Thanks,

Syed R Hasnain

Not sure the last sentence? I thought if the active unit has lower priority, then the standby may take over as primary when it powers up if it has higher priority?

The unit with the lower priority will be active and the unit with the higher priority will be passive.

With preempt enabled on both the HA peers (option is under Ha election settings), the peer with the lowest device priority will always preempt to be the Active firewall.

Thanks,

Aditi

Hi,

Just be sure to disable preempt (Device / HA / election settings) on both FW and then follow your procedure. When the moved fw will come up, he will re integrate the HA as backup then no issue.

Keep us in touch.

V.

Not applicable

My 2 firewalls in active-passive mode were pre-configured and they have the same priority numbers. Should I change them if I want to keep active-passive mode?

Thanks!

Hello,

It is recommended to configure different priorities on both the firewalls in order to maintain a healthy HA environment. Lower values will be higher in priority.

Example:

Firewall- A = priority 100

Firewall -B= priority 200

If you reboot both firewalls at the same time, firewall A will become active and B will become passive. Also it will help you with "preempt" option.

Thanks

If you are using the preemption feature on your HA. The firewall with the lower priority will always be active and the firewall with the higher priority will be passive. If for some reason your active device reboots or goes down the passive will take over but as soon as the active comes back up it will again become the master of the cluster(active). As mentioned above its a good practice to have different priorities on the active and passive unit.

Thanks,

Syed R Hasnain

Thanks and I agree.

You are afraid about split brain.

use backup for management with selecting Heartbeat backup.

I already did what you want to do without preemptive option.just manually flap, powered off the main device.After powering on manually switched the devices again.

  • 5261 Views
  • 12 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!