06-11-2020 07:12 AM
HA1 is showing down, but HA1 Backup and HA2 are showing up. FWs recently configured by contractor who has left. Configuration appears correct. Any suggestions?
06-11-2020 08:02 AM
Was it ever up? Any changes if it was up? Have you tried a cable replacement?
Are they directly connected or going through a switch?
You said the config looks fine. Did you verify the ha1 IP addresses on both members are in the same subnet and correctly defined on each other?
06-11-2020 11:53 AM
To my knowledge it was never up. The contractor who set it up left abruptly and we never had time to circle back and discuss. He did say that he needed to change something but didn't say what and from what I can tell the HA config was done correctly. The five pairs are directly connected, however two of the pairs are on different subnets. I'm not sure why he set them up differently. The Peer HA1 IP address on the active Palo is the IP of the passive Palo, and the Peer HA1 IP address of the passive Palo is the IP of the active Palo - is that what you are referring to?
06-11-2020 01:38 PM
What are the 5 pairs that are connected? HA1-a, HA1-b, hsci and the Aux ports? What is each being used for?
What model firewalls are these?
In the CLI, does that HA interface show up?
Are the HA1 addresses on the same subnet?
06-11-2020 03:31 PM
What are the 5 pairs that are connected? HA1-a, HA1-b
What model firewalls are these? PA-850
In the CLI, does that HA interface show up? show interface command will not work in the CLI
Are the HA1 addresses on the same subnet? Yes
06-11-2020 04:30 PM
I don't think the 850 has A and B for HA.
If you do 'show interface ha1', there's no output? Are you using an account with the right permissions?
06-12-2020 12:01 PM
Ok yes, my error, I do see the HA1 interface.
06-12-2020 01:20 PM
Does it show up or down? If it's down, probably a cabling problem.
06-15-2020 07:21 AM
How do I tell from the CLI output from "show interface ha1" if it is up?
06-15-2020 07:48 AM
show interface ha1-a
Name: ha1-a, ID: 5
Link status:
Runtime link speed/duplex/state: 1000/full/up
Configured link speed/duplex/state: auto/auto/auto
06-15-2020 08:14 AM
Thank you for the clarification. Here is what I have:
Name: ha1, ID: 5
Link status:
Runtime link speed/duplex/state: unknown/unknown/unknown
Configured link speed/duplex/state: auto/auto/auto
06-15-2020 08:42 AM
Looks like a layer 1 problem. Maybe the cable is bad or it's connected in the wrong place on one side.
Even if the HA config or IP address info is wrong, it would show up if the physical connection is good.
06-17-2020 11:09 AM
Ok, I work remotely and I've having trouble getting someone to look at the cabling for me. I'll keep you posted. Thank you.
06-17-2020 11:22 AM
Another question:
Under Network-Interfaces the link state shows up, but under the Dashboard the HA1 shows down. They have the same IP - I feel like there is something I am not understanding about his config...
06-17-2020 12:11 PM
What interface is being used for HA1? The dedicated HA interfaces don't appear in Network-Interfaces.
You can define data plane interfaces for HA use but that's not typically done on models that have the dedicated HA interfaces.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
