This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

HA1 showing down

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

HA1 showing down

amy.hazelwood
L2 Linker

‎06-11-2020 07:12 AM

HA1 is showing down, but HA1 Backup and HA2 are showing up.  FWs recently configured by contractor who has left.  Configuration appears correct.  Any suggestions?

0 Likes Likes
19 REPLIES 19

amy.hazelwood
L2 Linker
In response to rmfalconer

‎06-17-2020 01:48 PM

From what I can see (online not onsite) is one HA is ethernet1/7 and the other HA is ethernet1/8, both up.

0 Likes Likes

rmfalconer
L5 Sessionator
In response to amy.hazelwood

‎06-17-2020 03:17 PM

On Device-High Availability, what interfaces are shown for each backup link? 

0 Likes Likes

amy.hazelwood
L2 Linker
In response to rmfalconer

‎06-18-2020 05:07 AM

Backup Peer HA1 IP address is .30

Control Link (HA1Backup) is .29

0 Likes Likes

amy.hazelwood
L2 Linker
In response to rmfalconer

‎07-01-2020 06:00 PM

So I changed around the configuration to what I thought it should be vs. what the contractor put in and I was able to get the HA1 interface up but the HA1 backup is down. 

1 - He set Management as the HA1 Control Link and I set it to the HA1 ethernet interface IP.

2 - He set the Peer HA1 IP as the Peer's Management IP and I set it to the Peer's HA1 ethernet interface.

3 - He set the Backup Peer HA1 IP as the Peer's HA1 ethernet interface IP and I set it to the Peer's HA2 ethernet interface, which showed down after I changed it.

3 - He set the Control Link HA1 Backup as the HA1 ethernet interface IP and I set it to None.

4 - We both set the HA2 Datalink to the  HA2 ethernet interface IP, which has always shown up.

5 - We both set the HA2 Datalink Backup to None.

 

I know the PA-850s HA setup must be configured differently than the PA-200s HA setup, but I cannot find a config guide specific to the PA-850s.

0 Likes Likes

rmfalconer
L5 Sessionator
In response to amy.hazelwood

‎07-10-2020 01:02 PM

Since you have Control Link HA1 Backup set to none, the Backup Peer HA1 IP Address should be blank. No need for an IP address if it's unused. If you remove the Backup Peer HA1 IP Address, then the HA widget should remove the HA1 Backup option.

 

If you want to use the HA1 Backup, you can use the management interfaces of each firewall. Set the port configuration to management and the Backup Peer HA1 IP Address to the peer management IPs.  Or you could use data plane interfaces set to the HA type.

0 Likes Likes
  • 22212 Views
  • 19 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks