HA1 is showing down, but HA1 Backup and HA2 are showing up. FWs recently configured by contractor who has left. Configuration appears correct. Any suggestions?
Was it ever up? Any changes if it was up? Have you tried a cable replacement?
Are they directly connected or going through a switch?
You said the config looks fine. Did you verify the ha1 IP addresses on both members are in the same subnet and correctly defined on each other?
To my knowledge it was never up. The contractor who set it up left abruptly and we never had time to circle back and discuss. He did say that he needed to change something but didn't say what and from what I can tell the HA config was done correctly. The five pairs are directly connected, however two of the pairs are on different subnets. I'm not sure why he set them up differently. The Peer HA1 IP address on the active Palo is the IP of the passive Palo, and the Peer HA1 IP address of the passive Palo is the IP of the active Palo - is that what you are referring to?
What are the 5 pairs that are connected? HA1-a, HA1-b, hsci and the Aux ports? What is each being used for?
What model firewalls are these?
In the CLI, does that HA interface show up?
Are the HA1 addresses on the same subnet?
What are the 5 pairs that are connected? HA1-a, HA1-b
What model firewalls are these? PA-850
In the CLI, does that HA interface show up? show interface command will not work in the CLI
Are the HA1 addresses on the same subnet? Yes
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!