Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
06-25-2024 10:58 PM - edited 06-25-2024 11:01 PM
The error message when commiting is:
I configured high availability using yaml ansible code. After enabling high availability, and setting up a few stuff, I am facing this error. I am not sure what I am missing. I am following the CIS benchmark for the palo alto firewall.
3.1:
- name: Set HA2 enabled
panos_type_cmd:
provider: '{{ provider }}'
xpath: |
/config/devices/entry[@name='localhost.localdomain']
/deviceconfig/high-availability
element: |
<enabled>yes</enabled>
<group><group-id>1</group-id></group>
- name: Ensure a fully synchronized High Availability peer is configured
panos_type_cmd:
provider: '{{ provider }}'
xpath: |
/config/devices/entry[@name='localhost.localdomain']
/deviceconfig/high-availability/group/state-synchronization
element: |
<enabled>yes</enabled>
<transport>udp</transport> #ethernet/ip/udp
- name: Set HA2
panos_type_cmd:
provider: '{{ provider }}'
xpath: |
/config/devices/entry[@name='localhost.localdomain']
/deviceconfig/high-availability/interface/ha2
element: |
<ip-address>1.1.1.2</ip-address>
<netmask>255.0.0.0</netmask>
<gateway>1.1.1.1</gateway>
3.2:
- name: Configure Link Monitoring
panos_type_cmd:
provider: '{{ provider }}'
xpath: |
/config/devices/entry[@name='localhost.localdomain']
/deviceconfig/high-availability/group/monitoring/link-monitoring
element: |
<enabled>yes</enabled>
<failure-condition>any</failure-condition>
- name: Configure Path Monitoring
panos_type_cmd:
provider: '{{ provider }}'
xpath: |
/config/devices/entry[@name='localhost.localdomain']
/deviceconfig/high-availability/group/monitoring/path-monitoring
element: |
<enabled>yes</enabled>
<failure-condition>any</failure-condition>
3.3:
- name: Set passive-link-state auto
panos_type_cmd:
provider: '{{ provider }}'
xpath: |
/config/devices/entry[@name='localhost.localdomain']
/deviceconfig/high-availability/group/mode/active-passive
element: |
<passive-link-state>auto</passive-link-state>
- name: Disable Preemptive
panos_type_cmd:
provider: '{{ provider }}'
xpath: |
/config/devices/entry[@name='localhost.localdomain']
/deviceconfig/high-availability/group/election-option
element: |
<preemptive>no</preemptive>
07-25-2024 02:54 AM - edited 07-25-2024 02:55 AM
Hello,
Have you configured interfaces dedicated for HA1 and HA2 and the configuration dedicated to HA1?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
