After some help from the Guru's.
I am trying to configure LACP between PA 3020 Active / Passive and cisco switch.
I have created the AE group interface Inside with the ip address.
I have added 2 interfaces to the AE Group on each FW.
I have created a portchannel on the Cisco switch and put the 2 ports from the Active Palo and 2 ports from the Passive Palo into the same channel-group.
The Active FW is all good and working fine, the Passive FW is connected but the Port channel is suspended on the cisco end for the Passive FW conected ports.
Is this correct?
I am worried if the Active FW fails over and the Passive goes active its ports are suspended so wont come online.
Any advise greatly appreciated
I did something similar to this in the lab. You need 2 port channels on the Cisco switch. One for the Active firewall, and the other for the Passive firewall.
If you set "Passive Link State" to Auto in the High Availability configuration, then you should be able to enable pre-negotiation for the passive firewall. At this point, the Cisco switch should show both port-channels up and ready to go - reducing failover time.
Did you configure your HA pair according to the mentionned documentation? Specially Step 12 and 14?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!