HA2 link down

Showing results for 
Show  only  | Search instead for 
Did you mean: 

HA2 link down

L4 Transporter

The 20G link for HA2 between the two PA-5220 firewalls (Active-Passive cluster) does not work correctly. It is a direct link using single-mode fiber and 10G-LR optics with a length of approximately 550 meters.

After restarting any of the two firewalls, the HA2 link does not raise (in the Down state). We only managed to lift it after disconnecting and reconnecting the fiber patch on either of the two firewalls.

On other occasions, the HSCI port enters a flaping loop (UP / Down) continuously. It is solved by disconnecting the fiber.

We have certified the single mode link with 20G-LR working fine(included patch cords).

The firmware version of the fws is 8.0.12.


Its seems like a bug but i can not find any bug related to this in 8.0.12.


Yes they are 10km apart and we are using single mode with right QSFP


L0 Member

I have two pairs of PA-3220s in active-standby mode that have been in use for a little more than two years. They are all running 8.1.13-h3, located in the same rack, and the HSCI ports are interconnected with SR-SPF+ mods and 50 micron multimode fiber.


As recent as a few weeks ago, one pair began flapping on the HSCI port. No changes were made at the time we noticed the port flapping. One thing that I can see from the CLI is the active firewall has no link on the HSCI port, and the standby does.


We replaced the optics and fiber to no avail. We already have a TAC case open but they don't have any fixes. I know that someone already mentioned that rebooting didn't help. Does anyone have any other ideas? Is anyone on the PANOS 9.1 track and still experiencing these issues?



In our case QSFP+ which we were using was 40km + as we were supposed to move our Passive PA to other DC.

For some reasons it was delayed and we replaced our QSFP+ with 10km range and then flapping was fixed as QSFP+ were 

getting overheated due to short distance.

I will ask you to check the light levels on the QSFP?

Do you have PA recommended Vendor QSFP?


Also see if it is some bug with current version?

Also i Hope tech would have run this command less cp-log brdagent.log



Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!