Palo Alto Networks Knowledgebase: High Availability preempt working behavior when both HA devices have same priority value

High Availability preempt working behavior when both HA devices have same priority value

Created On 02/07/19 23:54 PM - Last Updated 02/07/19 23:54 PM
High Availability

In an Active/Passive High Availability environment, if the preempt feature is configured, whichever device holds the lower HA priority value and is healthy to pass the traffic will always move to an Active state.


What if both the devices have the same priority?

When both the devices hold the same HA priority value, as a tie breaker PAN-OS considers HA control link (HA1 link) MAC address to choose the Active device. The device that has a lower MAC address value and is able to pass the traffic will take the role as Active device and the other device will move to Passive state.



Device A and Device B are in Active/Passive HA. Both devices have HA priority value as 100 with preempt configured and Device A HA control link MAC address value is lower than the Device B HA control link MAC address value.


Currently, Device A is in Active state and Device B is in Passive state. HA failover is triggered and Device B becomes Active and Device A goes to Passive state. If Device A is healthy post the failover event, after the premption hold timer in Device A expires, Device A takes the role as Active and Device B will be back to Passive state.


If you prefer to keep one particular device in Active state, reduce the priority of that device.


Please follow the steps below to reduce the device priority.


From the GUI

Go to Device Tab > High Availability > General > Device Priority and commit the changes.




From the CLI

admin@Firewall(active)> configure
Entering configuration mode

admin@Firewall(active)# set deviceconfig high-availability group "value" election-option device-priority "value"

admin@Firewall(active)# commit 


  • Print
  • Copy Link

Choose Language