08-30-2017 09:52 AM
Hello,
To test the link monitoring of the high-availability, i want to shut one interface on the active member.
I set up the interface at down but i do not find how to do the commit on the active member only.
Is there a solution to push the commit on one member of the cluster only?
Thanks for your help.
08-30-2017 11:04 AM
Within your High Availablility settings under setup there is an option to toggle Config Sync. Turn this off and your configuration will not sync between your passive/active members.
08-30-2017 11:04 AM
Within your High Availablility settings under setup there is an option to toggle Config Sync. Turn this off and your configuration will not sync between your passive/active members.
08-31-2017 01:23 AM
With this option disabled, i'm able to shut interfaces on one members only :
admin@panel1(active)> show interface all
ethernet1/1 16 ukn/ukn/down(power-down) 00:1b:17:00:23:10
ethernet1/2 17 ukn/ukn/down(power-down) 00:1b:17:00:23:11
admin@panel2(passive)> show interface all
ethernet1/1 16 1000/full/up 00:1b:17:00:23:10
ethernet1/2 17 1000/full/up 00:1b:17:00:23:11
Exactly what i was looking for, thanks for your help.
But HA do not react with the following "link monitoring" configuration.
high-availability {
...
group {
35 {
...
monitoring {
link-monitoring {
link-group {
"LACP Group1" {
interface [ ethernet1/1 ethernet1/2];
failure-condition all;
}
}
}
}
}
}
}
09-01-2017 06:58 AM
Path and link monitoring configuration is per firewall and this is not syncronized to other firewall.
09-04-2017 05:11 AM
This management article https://live.paloaltonetworks.com/t5/Management-Articles/Logical-Shutdown-of-an-Interface-Does-Not-C... explains why a logical shutdown of an interface does not cause HA failover.
09-04-2017 05:19 AM
Yes that is the case.
But to answer your initial question - if you change link monitoring config on one firewall and commit then this is not replicated over as link and path monitoring configuration is private to the firewall.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
