This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

MAC addresses for HA interfaces

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

MAC addresses for HA interfaces

Palobeacon
L1 Bithead

‎06-09-2021 07:49 AM

I have 2 virtual instances of PA-8.0 on a laptop in a home lab for learning purposes.  High Availability is configured in Active/Passive mode with HA1 using the management interface and it is working but HA2 is failing to sync and complete initialization.  The HA2 interface is red in the GUI and will not go green.  I think this may be a problem with not having a mac address assigned.  Can mac addresses be manually assigned to interfaces in the GUI?  The virtualization platform is Virtualbox on a Windows 10 host.

 

Any assistance with suggestions, steps, videos, etc. would be welcome and appreciated.

0 Likes Likes
4 REPLIES 4

nikoolayy1
L6 Presenter

‎06-09-2021 08:31 AM

First of all 8.0 is old like really old, so use 9.1. Second of all use Vmware Player/workstation or the Hyper-V on windows 10 as it is in windows 10 as Virtual Box does not support nested virtualization. For virtual mac you can check this:

 

 

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/high-availability/ha-concepts/floating-ip-...

0 Likes Likes

aleksandar.astardzhiev
Cyber Elite
Cyber Elite

‎06-10-2021 11:02 AM

Hi @Palobeacon ,

 

Like @nikoolayy1  already mentioned I would suggest to get later version than 8.0 as there are lot of changes.

 

But you want to stick with this version - Can you check if "Hypervisor assigned MAC address" is enabled - https://docs.paloaltonetworks.com/vm-series/8-0/vm-series-deployment/about-the-vm-series-firewall/hy...

 

As far as I remember this setting was not enabled by default in earlier versions (like 7.0 and 7.1) and I am not sure if they enabled it by default from 8.0 or it was from 8.1.

 

Palobeacon
L1 Bithead
In response to aleksandar.astardzhiev

‎06-14-2021 07:58 AM

Hi

"Hypervisor assigned MAC address" is enabled by default. I disabled it but it didn't make a difference. I configured HA Active-Active mode to use floating IP but all the HA interfaces fail to go green. Should I leave it disabled?

I will be upgrading to OS v10 later but I have to configure HA and a few other things first as I will be testing if they are still working after the upgrade.

I appreciate your assistance.
0 Likes Likes

Palobeacon
L1 Bithead
In response to nikoolayy1

‎06-14-2021 08:14 AM

Hello

 

Thanks for your suggestions.  I will be upgrading to OS v10 after I have configured HA.  I tried the floating IP setup but couldn't get it to work.  The examples basically assume you do not have any existing security rules or NAT configured that may need modification.  I hope I can find a solution soon.

  • 2955 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks