HA Questions

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
Not applicable

HA Questions

Hi all,

I have 2 simple questions:

Q1: proper procedure to physically move the standby firewall PA3020 connected to primary firewall within the same datacenter (need to power off and move)?

Q2: proper procedure to switch the primary to standby and standby to primary firewall?

Thanks a lot!!

Peter   

Highlighted
L5 Sessionator

1. If the cables are going to get disturbed then yes you should power off the device.

2. From GUI you and suspend the device and the passive will become active at that time. Unless you want passive to be suspended itself.

You can achieve this by going to Device ---> high availability

or you can do this from CLI

request high-availability state suspend

request high-availability state functional

Hope that helps.

Thanks

Numan

Highlighted
Not applicable

Thanks! Still not very clear:

Q1. I need to physically move the standby firewall, so should I:

a - suspend standby FW (optional?)

b -  power off standby FW

c - move standby FW

d - power up standby FW

e - re-connect with primary firewall

f - unsuspend standby FW


My fear is that the standby firewall will become active if it believes the primary is down if the move is not executed properly: both active and secondary will be up.  

Highlighted
L4 Transporter

Hi,

If you suspend the standby unit and power it down and move it and then power it back up it will become functional upon the reboot. If your Current Active unit has lower priority then the standby unit then the standby should come up as standby(Passive).

Thanks,

Syed R Hasnain

Highlighted
Not applicable

Not sure the last sentence? I thought if the active unit has lower priority, then the standby may take over as primary when it powers up if it has higher priority?

Highlighted
L4 Transporter

The unit with the lower priority will be active and the unit with the higher priority will be passive.

Highlighted
L4 Transporter

With preempt enabled on both the HA peers (option is under Ha election settings), the peer with the lowest device priority will always preempt to be the Active firewall.

Thanks,

Aditi

Highlighted
L5 Sessionator

Hi,

Just be sure to disable preempt (Device / HA / election settings) on both FW and then follow your procedure. When the moved fw will come up, he will re integrate the HA as backup then no issue.

Keep us in touch.

V.

Highlighted
Not applicable

My 2 firewalls in active-passive mode were pre-configured and they have the same priority numbers. Should I change them if I want to keep active-passive mode?

Thanks!

Highlighted
L7 Applicator

Hello,

It is recommended to configure different priorities on both the firewalls in order to maintain a healthy HA environment. Lower values will be higher in priority.

Example:

Firewall- A = priority 100

Firewall -B= priority 200

If you reboot both firewalls at the same time, firewall A will become active and B will become passive. Also it will help you with "preempt" option.

Thanks

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!