05-24-2012 10:36 PM
Hi,
I setup active/active configuration and everything seems to be working. We test HA by powering off the other peer and vice versa. All outgoing traffic are working as expected. But, we notice that we're not receiving incoming traffic if one of the PAN fails. I configured NAT and assign the active/active HA binding to both.
Please help.
Thanks,
Rex
05-25-2012 07:10 AM
Hi...You may want to double-check your dest (inbound) NAT as the dest NAT should only be binded to the active primary device. Please refer to this document for more info.
Configuring Active Active HA: https://live.paloaltonetworks.com/docs/DOC-1756
05-25-2012 09:28 AM
Thanks for the reply rmonvon.
I tried to bind it on the active primary device and also tried to use both but none of it is working. Everytime I reboot the device, incoming traffic never comes back until the rebooted is back online.
05-25-2012 09:30 AM
If you suspend the secondary device & keep primary running, does it work?
05-25-2012 09:34 AM
This is weird. Everytime I reboot the secondary device, incoming traffic stops. But if I reboot the primary device, both incoming and outgoing is normal. I follow the instructions in tech-note for HA.
05-25-2012 09:40 AM
That is odd. Can you monitor the ARP cache/MAC table on your switch/router and see what happens to the ARP/MAC entry for the NAT IP. It should reflect the change as the HA failover and recover.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
