For details on cookie usage on our site, read our Privacy Policy
HA1 showing down
- LIVEcommunity
- Discussions
- General Topics
- HA1 showing down
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
HA1 showing down
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-11-2020 07:12 AM
HA1 is showing down, but HA1 Backup and HA2 are showing up. FWs recently configured by contractor who has left. Configuration appears correct. Any suggestions?
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-17-2020 01:48 PM
From what I can see (online not onsite) is one HA is ethernet1/7 and the other HA is ethernet1/8, both up.
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-17-2020 03:17 PM
On Device-High Availability, what interfaces are shown for each backup link?
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-18-2020 05:07 AM
Backup Peer HA1 IP address is .30
Control Link (HA1Backup) is .29
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-01-2020 06:00 PM
So I changed around the configuration to what I thought it should be vs. what the contractor put in and I was able to get the HA1 interface up but the HA1 backup is down.
1 - He set Management as the HA1 Control Link and I set it to the HA1 ethernet interface IP.
2 - He set the Peer HA1 IP as the Peer's Management IP and I set it to the Peer's HA1 ethernet interface.
3 - He set the Backup Peer HA1 IP as the Peer's HA1 ethernet interface IP and I set it to the Peer's HA2 ethernet interface, which showed down after I changed it.
3 - He set the Control Link HA1 Backup as the HA1 ethernet interface IP and I set it to None.
4 - We both set the HA2 Datalink to the HA2 ethernet interface IP, which has always shown up.
5 - We both set the HA2 Datalink Backup to None.
I know the PA-850s HA setup must be configured differently than the PA-200s HA setup, but I cannot find a config guide specific to the PA-850s.
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-10-2020 01:02 PM
Since you have Control Link HA1 Backup set to none, the Backup Peer HA1 IP Address should be blank. No need for an IP address if it's unused. If you remove the Backup Peer HA1 IP Address, then the HA widget should remove the HA1 Backup option.
If you want to use the HA1 Backup, you can use the management interfaces of each firewall. Set the port configuration to management and the Backup Peer HA1 IP Address to the peer management IPs. Or you could use data plane interfaces set to the HA type.
- Reason: TCP channel setup failed, reverting configuration issue. in Panorama Discussions
- Palo Alto Networks - Known malicious IP addresses in Best Practice Assessment Discussions
- Custom XDR query to show a user login and log out daily in Cortex XDR Discussions
- Palo Alto New User ID Agent Adding to Firewall in Next-Generation Firewall Discussions
- TCP-RST-from-CLIENT in Next-Generation Firewall Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
