High Availability - Out of Sync Peer - Session

High Availability - Out of Sync Peer - Session

13725
Created On 04/29/22 05:02 AM - Last Modified 09/15/23 05:05 AM


Symptom


  • Alert from Strata Cloud Manager regarding a firewall pair's session table being out of sync.
  • Recommendation from Strata Cloud Manager to enable session synchronization.

 

Environment


  • PAN-OS
  • High-availability
  • AIOps

Cause


Strata Cloud Manager is able to detect that at least one of the firewalls in the high-availability session synchronization config is missing, and a warning alert is triggered due to it. 

Resolution


Enable session synchronization so that the secondary device has the session in its dataplane; in the event of a failover, the new active firewall can match packets to the synchronized session and quickly forward packets. If you do not enable Session Synchronization, the firewall must create the session again, introducing latency and dropping connections. 

1. Identify the firewall pair that generated the AIOps Alert.
2. Enable Session Synchronization  
            a. From the GUI: Click DEVICE tab
            b. Click High Availability > HA Communications
            d.  Under Data Links click the Gear to edit HA2
            e. Click the checkbox for Enable Session Synchronization           
            f. Click OK
            g. Commit to save the change 
3. Repeat the same steps from above if the other pair is not configured.

Additional Information


Refer to the article below for Session Synchronization Best Practice 
HA Clustering Best Practices and Provisioning
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004OQCCA2&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language