Error message "Ephemeral public ip <ip address> cannot be moved" seen during VM HA failover on Oracle Cloud Infrastructure

Error message "Ephemeral public ip <ip address> cannot be moved" seen during VM HA failover on Oracle Cloud Infrastructure

770
Created On 02/06/23 16:01 PM - Last Modified 10/29/25 14:10 PM


Symptom


  • Palo Alto VM firewalls configured as Active/Passive on Oracle Cloud Infrastructure (OCI).
  • When performing failover between active-passive devices, Critical alert is seen in the system logs (show log system).
  • Error message displayed is , "Ephemeral public ip <ip address> cannot be moved."

Environment


  • PA-VM Firewalls configured in High Availability
  • Active/Passive configuration
  • Oracle Cloud Infrastructure (OCI)

Cause


  • Public IP address configured in the primary Interfaces. 
  • By default, the secondary floating IP will move from passive to active when failover is triggered. 
  • If the public IP is configured in the primary interface, then the primary public-IP will not move during the failover thus causing critical alert in system logs.

Resolution


    1. This is an expected behavior, when the Public IP address is configured as Primary IP.
    2. The message can be ignored in the above case.

    Additional Information


    error.PNG
    Other users also viewed:
    Actions
    • Print
    • Copy Link

      https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000saoPCAQ&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail