Hello Palo Alto Community,
I'm deploying a HA Pair of Palo Alto VM Serie (hosted on my infrastructure) and I'm being blocked by a situation I don't understand.
When "Enable Session Synchronization" on HA2 interface is disabled, the HA status is reporting that HA1 and HA2 is fine. Config sync is working, I can run failover tests without any issues.
When I activate "Enabling Session Synchronization" feature, the HA status is reporting that HA1 is UP but HA2 goes down and the slave stays stuck in "Initial (Waiting for state synchronization completion)". I don't understand why HA2 goes down as soon as "Enabling Session Synchronization" is enabled.
Do you have some ideas ?
What version of software are you running?
Are both FWs on the same Host, or did you put each FW in a different host?
Did you give HA2 an IP address with a /30 bit mask (not needed)
Did you confirm the tranport protocol matches (for if you did put in an IP than ip protocol, otherwise,ethernet would suffice)
If you have an IP on HA2 have attempted to ping from HA2 IP to slave HA2 IP, before enabling HA session sych?
Just some ideas.
The log I would take a look at would be less mp-log ha_agent.log
This should give you indication of what is happening in real time.
I would start from there, before getting into debugging the actual HA process.
I found the root cause: when the two VM are on two different ESXi host they can't ping each other. When they are on the same host everything works (i.e. they can ping each other and HA works fine). It's not related to my Palo Alto configuration.
I need to troubleshoot my Distributed Virtual Switch now.
Thank you for everything.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!