Adding Device to HA Cluster Causes Administrator Login to Fail

Adding Device to HA Cluster Causes Administrator Login to Fail

20548
Created On 09/26/18 13:53 PM - Last Modified 06/07/23 08:00 AM


Resolution


Symptom

Super user admin credentials local to a firewall no longer works after adding the firewall to HA Cluster.

Details

Two Palo Alto Networks devices are currently not in high availability (HA) configuration:

  • Device A is configured with login: admin and password: pwordA
  • Device B is configured with login: admin and password: pwordB.

After configuring in HA mode and synchronizing the config between Device A (Active) and Device B (Passive), the superuser admin credentials configured on Device B is no longer valid.

Cause

When the two Palo Alto Networks devices are configured to be an HA Cluster (Active-Passive or Active-Active mode), the device with lowest device priority will become the Master (Active) device. The admin credentials configured on this Active device will get synced to the Passive device. In case of Active-Active mode, the device with lowest Device ID will become Active-Primary and the admin credentials configured on this device will get synced to the Active-Secondary device.

If Device B is the Passive (or Active-Secondary) node after HA configuration, the admin credentials (referring to above example) on the device will be same as on Device A (Active or Active-Passive node).

Notes:

  • The device priority is set under Device > High Availability > General tab > Election Settings
  • The Device ID is set in the Setup section at Device > High Availability > General.

owner: hparikh
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cly4CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language