HA1 Backup link showing "Down"

HA1 Backup link showing "Down"

22329
Created On 04/29/22 17:42 PM - Last Modified 05/31/23 19:33 PM


Symptom


The command "show high-availability all" shows the following information: 
Firewall > show high-availability all
..
HA1 Backup Control Link Information:
IP Address: x.x.x.x/xx; Gateway: x.x.x.x
MAC Address: xx:xx:xx:xx:xx:xx
Interface: management
Link State: Up; Setting: 1Gb/s-full    >>>>> Local link state is UP
***
HA1 Backup Control Link Information:
IP Address: x.x.x.x
MAC Address: xx:xx:xx:xx:xx:xx
Connection down; Reason: Never able to connect to peer   >>>> Peer connection link state is DOWN

Environment


  • Palo Alto 3250 Firewall
  • PAN-OS: 9.1.9
  • HA (High Availability) Configured.

Cause


The file "ha_agent.log" (less mp-log ha_agent.log)  provides the reason for the issue. Here the IP address configured is not matching that configured on the Peer.
  
Error: ha_peer_recv_tlv(src/ha_peer.c:4233): Group 1 (HA1-MAIN): HA1 backup ip (x.x.x.x) doesn't match what peer is sending on HA1
Error: ha_peer_recv_tlv(src/ha_peer.c:4250): Group 1 (HA1-MAIN): HA1 backup peer ip (x.x.x.x) doesn't match what peer is sending on HA1
debug: ha_sysd_haX_link_change(src/ha_sysd.c:2328): Seeing HA1-Backup peer link up, waiting hold
HA1-Backup peer link up

 

Resolution


Configure the HA1 backup IP address to match what the other peer is sending. Refer to the documentation in the additional section.

Additional Information
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004ORLCA2&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language