HA1-B down on 3200 series

Reply
L3 Networker

HA1-B down on 3200 series

I've been doing some tinkering with a pair of 3220s and am noticing that in the GUI it's reporting HA1 Backup is down in the HA widget of the dashboard if I use the HA1-B port.  HA1-A is up, and if I use the management port for HA1-Backup, it comes up fine.  I configured HA1-B the same as HA1-A, only using a different /30 network.  I've tried different cables, and the firewalls are both directly connected.  The activity lights show up on both HA1-A and HA1-B, and if I look at the ports in the firewall CLI they both show 1000/full/up.  Is there something different that has to be configured with HA1-B to get this to work?  I'm assuming there's no known bug as I didn't see anything in the release notes.  Anyone else run into this?

 

Highlighted
L3 Networker

Update:
I noticed in the passive firewall, I could assign the IP address of HA1-B as a source IP and ping the remote IP of the active firewall.  That ping failed.  On the active box, when I tried to source the IP address of the HA1-backup it said address could not be assigned.  I changed the IP, committed, changed it back to the same IP it was configured at previously, committed again, and HA1-Backup is now active.  The HA configuration had been committed, so I didn't forget to commit the first time around.  The firewalls have been up and passing traffic, so I know that IP was correct.  I'll see how long it stays active and post if anything changes, but it seems like something weird is going on in 8.1.

Highlighted
Cyber Elite

I've got a 3220 pair.  They're directly connected using HA1-A and a sperate interface for HA2.  They're directly connected as well, but we're not having any HA1-A link issues.  (We're not using HA1-B)

Highlighted
L0 Member

On our pair of PA-3220 HA-1B connection was OK until we upgraded to 8.1.4

After the upgrade HA-1B has link, but apparently there is no traffic at all  and as a result HA1-backup does not work at all.

I tried a lot of things (ip change, various cables, direct connect and switch connect) but nothing works

 

Using Management Ports for HA-backup is working ok.

 

Highlighted

Today I upgraded to 8.1.4 and I am facing the same issue. Everything was fine on 8.1.3, nobody phisically touched the firewalls, so no cabling issues. Can't understand what happened.

Highlighted
Cyber Elite

@Infrastructure_TBS

You and others who are facing this issue with HA1-B should install PAN-OS 8.1.4-h2

Screenshot_20181110-220127_Chrome.jpg

 

Highlighted

Thanks, I am in the process of upgrading.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!