04-02-2015 09:52 AM
Hi,
I have a firewll PA-3050 version 5.0.11 and the High Availability cluster is configured Active / Passive mode. The interfaces to backup firewall are powered off and I tried switch the configuration in Active / Passive to auto instead shutdown, but the interfaces still powered off .
Can you help me ? How I can power on the interfaces in backup firewall ?
best regards,
Paulo Roberto Aun
04-02-2015 04:25 PM
Hi Paulo_Aun
Is the firewall configured for Layer2 or Vwire? Review doc Passive Device Interfaces Down in Auto Passive Link State
04-03-2015 03:34 AM
When a cluster is Active/Passive the passive node interfaces do not pass any traffic. This is by design to prevent creating any layer 2 loops from any alternate paths created by having two devices serve the same traffic. Since the Active/Passive design is that only one firewall at a time is processing sessions, this generally does not create an issue.
If you network design requires that traffic pass on the inactive node, then you will need to implement an Active/Active cluster. This is the case if you need dynamic routing protocols to traverse the inactive device or if you have multiple network paths setup by design and want the cluster to handle asymmetrical routing.
It sounds like your network design method might require an Active/Active cluster deploy.
04-03-2015 10:26 AM
Steven even not passing traffic, how do I get the interfaces stay connected? Is there any way?
04-08-2015 03:00 AM
I am not sure if this is normal or not as all my clusters run Active/Active and I have not had time to lab up an active/passive one.
Can you test failover to see if it successfully shifts to the passive device?
04-08-2015 03:24 AM
Found the documentation for the link status in Active/Passive HA and this is a normal operation. The passive device interfaces can be link down when not in operation.
What is the Difference Between Auto and Shutdown Mode for Passive Link?
09-22-2017 06:51 PM
PA-850 firewalls when in Active/Passive with passive link state mode as "auto". All the interfaces on the passive device are down until a failover happens. During failover, passive takes over as active and all its interfaces are up and start forwarding traffic.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
