HA1 showing down

amy.hazelwood · ‎06-11-2020

HA1 is showing down, but HA1 Backup and HA2 are showing up. FWs recently configured by contractor who has left. Configuration appears correct. Any suggestions?

amy.hazelwood · ‎06-15-2020

Thank you for the clarification. Here is what I have:

Name: ha1, ID: 5
Link status:
Runtime link speed/duplex/state: unknown/unknown/unknown
Configured link speed/duplex/state: auto/auto/auto

rmfalconer · ‎06-15-2020

Looks like a layer 1 problem. Maybe the cable is bad or it's connected in the wrong place on one side.

Even if the HA config or IP address info is wrong, it would show up if the physical connection is good.

amy.hazelwood · ‎06-17-2020

Ok, I work remotely and I've having trouble getting someone to look at the cabling for me. I'll keep you posted. Thank you.

amy.hazelwood · ‎06-17-2020

Another question:

Under Network-Interfaces the link state shows up, but under the Dashboard the HA1 shows down. They have the same IP - I feel like there is something I am not understanding about his config...

rmfalconer · ‎06-17-2020

What interface is being used for HA1? The dedicated HA interfaces don't appear in Network-Interfaces.

You can define data plane interfaces for HA use but that's not typically done on models that have the dedicated HA interfaces.

amy.hazelwood · ‎06-17-2020

From what I can see (online not onsite) is one HA is ethernet1/7 and the other HA is ethernet1/8, both up.

rmfalconer · ‎06-17-2020

On Device-High Availability, what interfaces are shown for each backup link?

amy.hazelwood · ‎06-18-2020

Backup Peer HA1 IP address is .30

Control Link (HA1Backup) is .29

amy.hazelwood · ‎07-01-2020

So I changed around the configuration to what I thought it should be vs. what the contractor put in and I was able to get the HA1 interface up but the HA1 backup is down.

1 - He set Management as the HA1 Control Link and I set it to the HA1 ethernet interface IP.

2 - He set the Peer HA1 IP as the Peer's Management IP and I set it to the Peer's HA1 ethernet interface.

3 - He set the Backup Peer HA1 IP as the Peer's HA1 ethernet interface IP and I set it to the Peer's HA2 ethernet interface, which showed down after I changed it.

3 - He set the Control Link HA1 Backup as the HA1 ethernet interface IP and I set it to None.

4 - We both set the HA2 Datalink to the HA2 ethernet interface IP, which has always shown up.

5 - We both set the HA2 Datalink Backup to None.

I know the PA-850s HA setup must be configured differently than the PA-200s HA setup, but I cannot find a config guide specific to the PA-850s.

rmfalconer · ‎07-10-2020

Since you have Control Link HA1 Backup set to none, the Backup Peer HA1 IP Address should be blank. No need for an IP address if it's unused. If you remove the Backup Peer HA1 IP Address, then the HA widget should remove the HA1 Backup option.

If you want to use the HA1 Backup, you can use the management interfaces of each firewall. Set the port configuration to management and the Backup Peer HA1 IP Address to the peer management IPs. Or you could use data plane interfaces set to the HA type.

Network Security

Cloud Security

Security Operations

HA1 showing down

HA1 showing down

Show your appreciation!