HA Error after PAN-OS Upgrade: High-availability HA2 interface needs a prefix length""

HA Error after PAN-OS Upgrade: High-availability HA2 interface needs a prefix length""

31803
Created On 09/26/18 13:49 PM - Last Modified 06/13/23 03:43 AM


Resolution


Issue

After performing a PAN-OS upgrade, the running configuration fails to synchronize from the active to passive member with the following error message:

Details: High-availability HA2 interface needs a prefix length (Module: ha_agent)

Commit failed

The HA fails to sync the running the configuration upon commit from the WebUI and also from the CLI.

Cause

The issue occurs because the HA settings imported from an older PAN-OS version were lost or not needed. The result is a missing Netmask from the HA2 interface.

ha.PNG

Resolution:

  1. Edit the passive HA2 interface and enter the missing Netmask info.
    Go to Device > High Availability > General and click on the edit icon for HA2.
  2. Enter the Netmask that corresponds to the HA2 IP address, as shown below:
    hacorrected.PNG
  3. Click OK and commit. The commit should complete without errors.

owner: fdiaz
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClrQCAS&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language