This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Removing peer from HA cluster

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Removing peer from HA cluster

Joel_Abney
L0 Member

‎11-28-2017 07:20 AM

I have a pair of PA-3020s running 7.1.x in HA configuration. I need to remove the passive switch from the rack to be used in another location. What is the best way to disable the HA and delete the config from the active switch without risk of service interruption. Thanks in advance.

0 Likes Likes
4 REPLIES 4

Brandon_Wertz
L6 Presenter

‎11-28-2017 07:44 AM

@Joel_Abney wrote:

I have a pair of PA-3020s running 7.1.x in HA configuration. I need to remove the passive switch from the rack to be used in another location. What is the best way to disable the HA and delete the config from the active switch without risk of service interruption. Thanks in advance.

You have A/P and want to move the P firewall to another physical location?

0 Likes Likes

Joel_Abney
L0 Member
In response to Brandon_Wertz

‎11-28-2017 07:53 AM

Brandon,

 

Correct. We are re-purposing the device so need to remove HA config from from both FWs but also break the HA connection without creating an outage.

0 Likes Likes

Brandon_Wertz
L6 Presenter
In response to Joel_Abney

‎11-28-2017 08:09 AM

I would go to your passive device and "suspend" it

 

HA.PNG

 

 

This tells your passive device to be non-functional.  

 

I would then disable the physical ports.  Then I would physically remove them.  (HA included).  Then go into your primary device and disable HA services.

 

With the previously passive device on a bench / lab connect the FW to you a computer and remove the HA and make any necessary config changes to the passive device.

 

*I'm not a Palo employee, I'd validate any procedures if you're planing work / projects on these procedures.*

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to Brandon_Wertz

‎11-28-2017 10:17 AM

@Joel_Abney,

What @Brandon_Wertz is proposing should work perfectly fine. The only thing that might take into account is that the MAC will likely revert to the original interface MAC address if using L3 interfaces. The device would send out multiple gratuitous ARPs just like it does the first time though, so the MAC/IP listing should be updated fairly quickly. 

 

0 Likes Likes
  • 2753 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks