This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

HA1-Backup Failing when setting to Management

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

HA1-Backup Failing when setting to Management

Go to solution
jwill2
L2 Linker

‎08-28-2025 12:00 PM

I have a pair of 1410's configured for HA.  Because the firewalls are not in the same room, I need to use the management interface for the HA1 backup.

When I do the commit in Panorama, it commits without error.  However, when I go to push it out, I get:

 

 

  • Details:
  • . Validation Error:
  • . deviceconfig -> high-availability -> interface -> ha1-backup -> port 'management' is not an allowed keyword
  • . deviceconfig -> high-availability -> interface -> ha1-backup -> port 'management' is not a valid reference
  • . deviceconfig -> high-availability -> interface -> ha1-backup -> port is invalid
  • . Commit failed

 

 

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
PavelK
Cyber Elite
Cyber Elite

‎08-28-2025 03:27 PM

Hello @jwill2

 

I found the answer in data sheet: PA-1400 Series Next-Gen Firewall Hardware Reference:

 

PavelK_0-1756420016852.png

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

View solution in original post

0 Likes Likes
5 REPLIES 5

Go to solution
jwill2
L2 Linker

‎08-28-2025 12:06 PM

So I was looking at the actual firewall context to see if I could set it manually, but only ha1-a and ha1-b are options.  Management is not an option.

Is this something specific to the newer firewalls that have physical ha1-a and ha1-b ports?

Is there a way to utilize management for the ha1-backup?

 

Also, is it me or are Palo error messages unhelpful.

0 Likes Likes

Go to solution
PavelK
Cyber Elite
Cyber Elite

‎08-28-2025 03:21 PM

Hello @jwill2

 

thanks for post!

 

In the official KB and documentation: HA1 interfaces on PA-3400 and PA-5400 series cannot be configured on the management port only PA-3400 and PA-5400 series are mentioned as affected platforms. I do not have PA-1400 Firewall at my disposition to confirm it, however it looks like that PA-1400 has this limitation as well.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

Go to solution
PavelK
Cyber Elite
Cyber Elite

‎08-28-2025 03:27 PM

Hello @jwill2

 

I found the answer in data sheet: PA-1400 Series Next-Gen Firewall Hardware Reference:

 

PavelK_0-1756420016852.png

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

Go to solution
jwill2
L2 Linker
In response to PavelK

‎08-29-2025 07:30 AM

Perfect.  Thank you.  Seems kind of stupid that they would get rid of using management as an option.  There is a use case where the firewalls are physically distant with no direct copper.  As is the case with this deployment.

I've got it working by running HA1a through the internal network but wanted a backup path in case that link/path/switch were to go down.

0 Likes Likes

Go to solution
E.Rodriguez813669
L0 Member

‎08-29-2025 07:55 AM

The port mgmt cannot be configured as HA1 backup in Panorama, only as HA1. That's why the push fails.

0 Likes Likes
  • 1 accepted solution
  • 303 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks