HA1 showing down

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L2 Linker

HA1 showing down

HA1 is showing down, but HA1 Backup and HA2 are showing up.  FWs recently configured by contractor who has left.  Configuration appears correct.  Any suggestions?

Highlighted
L4 Transporter

Was it ever up? Any changes if it was up? Have you tried a cable replacement?

Are they directly connected or going through a switch?

You said the config looks fine. Did you verify the ha1 IP addresses on both members are in the same subnet and correctly defined on each other?

L2 Linker

To my knowledge it was never up.  The contractor who set it up left abruptly and we never had time to circle back and discuss.  He did say that he needed to change something but didn't say what and from what I can tell the HA config was done correctly.  The five pairs are directly connected, however two of the pairs are on different subnets.  I'm not sure why he set them up differently.  The Peer HA1 IP address on the active Palo is the IP of the passive Palo, and the Peer HA1 IP address of the passive Palo is the IP of the active Palo - is that what you are referring to?

Highlighted
L4 Transporter

What are the 5 pairs that are connected? HA1-a, HA1-b, hsci and the Aux ports? What is each being used for?

What model firewalls are these?

In the CLI, does that HA interface show up?

Are the HA1 addresses on the same subnet?

 

Highlighted
L2 Linker

What are the 5 pairs that are connected? HA1-a, HA1-b

What model firewalls are these?  PA-850

In the CLI, does that HA interface show up?  show interface command will not work in the CLI

Are the HA1 addresses on the same subnet?  Yes

Highlighted
L4 Transporter

I don't think the 850 has A and B for HA.

If you do 'show interface ha1', there's no output? Are you using an account with the right permissions?

Highlighted
L2 Linker

Ok yes, my error, I do see the HA1 interface.

Highlighted
L4 Transporter

Does it show up or down? If it's down, probably a cabling problem.

Highlighted
L2 Linker

How do I tell from the CLI output from "show interface ha1" if it is up?

Highlighted
L4 Transporter

show interface ha1-a

 

Name: ha1-a, ID: 5
Link status:
Runtime link speed/duplex/state: 1000/full/up
Configured link speed/duplex/state: auto/auto/auto


Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!