Should  Passive Firewall have session counts?

Should  Passive Firewall have session counts?

1737
Created On 10/11/19 00:43 AM - Last Modified 12/12/24 00:01 AM


Question


Should  Passive Firewall have session counts?

Environment


  • Palo Alto Firewalls
  • Supported PAN-OS
  • High Availability (HA) active/passive

Answer


  1. Both Active and Passive firewalls have the session count.
  2. This information is displayed using the show session meter command.
  3. The session count is synchronized on Passive Firewall from the HA2 link of the active firewall.
  4. The count on both active and passive may differ due to the refresh of sessions on active constantly.
    PA-820-B(passive)> show session meter
VSYS          Maximum         Current       Throttled
--------------------------------------------------------------------------------
1                0              683              0

    Note: The HA2 link is used to synchronize sessions, forwarding tables, IPSec security associations and ARP tables between devices in an HA pair. 

Additional Information


Which Sessions Will Sync Between HA Peers?
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMxNCAW&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail