PA850 HA Switchover Delay

cancel
Showing results for 
Search instead for 
Did you mean: 

PA850 HA Switchover Delay

L1 Bithead

I have setup two PA850 in a active passive pair. I am simulating failover manually, when I disconnect the cable, I see around 8 packet drops. Is there any specific settings to reduce the delay. 4 packet drops are acceptable. I have bundled interfaces on the firewall.

2 REPLIES 2

Cyber Elite
Cyber Elite

Try first with the aggresive failover profile and if needed play with the advanced settings  (Monitor Fail Hold Up Time (ms)):

 

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/high-availability/ha-concepts/ha-timers.ht...

 

 

 

Also if you want better failover  because or routing path monitoring see BFD:

 

 

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/bfd/configure-bfd.html

Cyber Elite
Cyber Elite

you can optimize your failure detection by setting more aggressive timers in device > high availability > general > election settings and setting the HA Timer Settings to 'aggressive' 

 

If you did not do so, configure your aggregate interfaces for LACP and also enable LACP in HA passive state (you'll need to change the passive link state to 'auto' in device > high availability)

 

Tom Piens
PANgurus
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!