02-24-2026 04:40 PM
Hi,
We were able to make the tunnels up under 1 Service Connection (with 2 tunnels, primary and secondary) in Prisma Access and 2 tunnels in Palo Alto FW with Active-Active HA setup. If both tunnels are up, loopback IP in FW1 is accessible from GP user. But when the primary went down and secondary tunnel is still up, GP user in unable to reach/access the loopback IP of FW2. What would be the reason of this? Did we make the correct setup with regards to the tunnel? Appreciate your inputs. Thanks.
02-26-2026 04:01 AM
Hi!
did you set up tunnel mon itoring? that actively helps to disable rouytes when a tunnel goes down
ideally use BGP instead of static routes as well (but tunnel monitor should help you out in this)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
