02-17-2026 05:28 AM
Dear Team,
I experiencing a problem related to HA for my two Palo Alto 440 FW.
I attach two FW to SCM, so SCM manage this two device.
I configured HA Active/Passive for this devices and after that I lost connection to second (passive) FW. Like in screenshot:
I thinking that this is related that second is a Passive and not generate any traffic, but I am not sure.
How can I solve this problem ?
Another question is about ZTP port. After establish connection to SCM using ZTP port, is it possible to shutdown this port and move management to dedicated management port ?
02-27-2026 09:15 AM
Yea so the documentation says that you need to keep Eth 1 connected for ZTP to manage via SCM - that is wrong - as you end up in the situation you've found yourself in, when you go passive in HA the ZTP port is cut off and the passive firewall is disconnected from SCM as a result.
You do need to transition to the management port - it can be tricky due to how embedded ZTP is - I suggest that before you remove the ZTP snippet in SCM, you configure the service route, DNS etc first, push that config and then remove ZTP afterwards - if you try do it all at once it goes absolutely haywire.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
