I have a firewll PA-3050 version 5.0.11 and the High Availability cluster is configured Active / Passive mode. The interfaces to backup firewall are powered off and I tried switch the configuration in Active / Passive to auto instead shutdown, but the interfaces still powered off .
Can you help me ? How I can power on the interfaces in backup firewall ?
Paulo Roberto Aun
When a cluster is Active/Passive the passive node interfaces do not pass any traffic. This is by design to prevent creating any layer 2 loops from any alternate paths created by having two devices serve the same traffic. Since the Active/Passive design is that only one firewall at a time is processing sessions, this generally does not create an issue.
If you network design requires that traffic pass on the inactive node, then you will need to implement an Active/Active cluster. This is the case if you need dynamic routing protocols to traverse the inactive device or if you have multiple network paths setup by design and want the cluster to handle asymmetrical routing.
It sounds like your network design method might require an Active/Active cluster deploy.
I am not sure if this is normal or not as all my clusters run Active/Active and I have not had time to lab up an active/passive one.
Can you test failover to see if it successfully shifts to the passive device?
Found the documentation for the link status in Active/Passive HA and this is a normal operation. The passive device interfaces can be link down when not in operation.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!