10-11-2013 07:51 AM
Here is our scenario.....please keep in mind I'm not a network person
We have two PA-500s. They used to be in HA but we had taken one out for a different purpose early last year so we were running in stand alone.
The PA-500 worked great but we started having random crashes. So we rushed to put the secondary back in and put it into HA mode while we investigated the problem. When the primary crashed, out secondary did take over but it did not exhibit the same characteristics as our primary. The configuration was the same as the first but it blocked websites it was not supposed to, it was slow to move traffic and it let things in we were blocking on the primary (ads, chats, etc). Not all policies/rules appeared to be applied the same as the primary.
When we switched it back to the primary (after it came back up) then our network worked fine. Support could not answer why.
Fast forward 4 months and after working with support this entire time, it was finally agreed that the hard drive was dying in our primary so they sent us a new PA-500.
We transferred the configuration, made sure software was updated and everything. Transferred licenses and installed the new primary firewall. Guess what....same issue as our secondary. It is also blocking traffic it shouldn't, letting ads in, and just not being consistent in its performance. The traffic is slower to one person than another. One person can get to a site and another can't get to the same site. We are at our wits end and have been troubleshooting this for weeks now. Does anyone have an idea what would be causing the problem? Ideas on what to check? If we put the old one back in, then everything works fine again so we KNOW it is not the layer one connections.
10-11-2013 10:39 AM
can we make this a little bit clear
you have pa500 as A,B,C at all.
At first A-B cluster had a problem with B.From disk issue You changed A with new C.
Now you have C-B cluster and you have problem with B
All problems are occuring after failover ???
10-11-2013 11:46 AM
yes we had A running and it works fine except for a hard disk error.
We added B in and set up HA but B does not work correctly when it becomes active.
We received a new PA-500 we'll call it C. We copied the config from A and installed it to C.
We replaced A with C and now neither C or B work correctly. It doesn't matter which one is active, they still act incorrectly. We tested this by putting A back in place and A continues to work correctly minus the hard drive random failure.
What would be different between A's configuration/setup and B and C when we copied it from A?
10-15-2013 11:55 AM
very interesting issue.
Well when you export config A when it is alone and imported it to the device B(or C)
if B or C does not work when they are alone not HA, this is not normal.Maybe you can try to configure B or C ( after factory reset) manually.
10-16-2013 02:47 PM
What does not get uploaded in Config that needs changed via CLI?
maybe this will help you
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
