HA1 showing down
cancel
Showing results for 
Search instead for 
Did you mean: 

HA1 showing down

L2 Linker

HA1 is showing down, but HA1 Backup and HA2 are showing up.  FWs recently configured by contractor who has left.  Configuration appears correct.  Any suggestions?

19 REPLIES 19

Thank you for the clarification.  Here is what I have:

 

Name: ha1, ID: 5
Link status:
Runtime link speed/duplex/state: unknown/unknown/unknown
Configured link speed/duplex/state: auto/auto/auto

Looks like a layer 1 problem. Maybe the cable is bad or it's connected in the wrong place on one side.

Even if the HA config or IP address info is wrong, it would show up if the physical connection is good.

Ok, I work remotely and I've having trouble getting someone to look at the cabling for me.  I'll keep you posted.  Thank you.

Another question:  

Under Network-Interfaces the link state shows up, but under the Dashboard the HA1 shows down.  They have the same IP - I feel like there is something I am not understanding about his config...

What interface is being used for HA1? The dedicated HA interfaces don't appear in Network-Interfaces.

You can define data plane interfaces for HA use but that's not typically done on models that have the dedicated HA interfaces.

From what I can see (online not onsite) is one HA is ethernet1/7 and the other HA is ethernet1/8, both up.

On Device-High Availability, what interfaces are shown for each backup link? 

Backup Peer HA1 IP address is .30

Control Link (HA1Backup) is .29

So I changed around the configuration to what I thought it should be vs. what the contractor put in and I was able to get the HA1 interface up but the HA1 backup is down. 

1 - He set Management as the HA1 Control Link and I set it to the HA1 ethernet interface IP.

2 - He set the Peer HA1 IP as the Peer's Management IP and I set it to the Peer's HA1 ethernet interface.

3 - He set the Backup Peer HA1 IP as the Peer's HA1 ethernet interface IP and I set it to the Peer's HA2 ethernet interface, which showed down after I changed it.

3 - He set the Control Link HA1 Backup as the HA1 ethernet interface IP and I set it to None.

4 - We both set the HA2 Datalink to the  HA2 ethernet interface IP, which has always shown up.

5 - We both set the HA2 Datalink Backup to None.

 

I know the PA-850s HA setup must be configured differently than the PA-200s HA setup, but I cannot find a config guide specific to the PA-850s.

Since you have Control Link HA1 Backup set to none, the Backup Peer HA1 IP Address should be blank. No need for an IP address if it's unused. If you remove the Backup Peer HA1 IP Address, then the HA widget should remove the HA1 Backup option.

 

If you want to use the HA1 Backup, you can use the management interfaces of each firewall. Set the port configuration to management and the Backup Peer HA1 IP Address to the peer management IPs.  Or you could use data plane interfaces set to the HA type.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!