HA Link down detection does not always trigger the HA failover

Created On 08/17/22 03:24 AM - Last Modified 11/26/24 21:01 PM


Symptom


The High-Availability (HA) status does not change if the link-down time is too short.

Environment


  • Palo Alto Firewalls
  • Supported PAN-OS
  • High Availability (HA) Configuration


Cause


  • High-Availability status is determined by the heartbeat status.
  • An HA link-down event does not always trigger a High-Availability failover.
  • If the link flap is very short and the configured heartbeat messages are still received correctly, the HA failover does not happen.


Resolution


  1. HA failover is based on the heartbeat. Configure a heartbeat setting that is suitable for your organization.
  2. Refer to the article High-Availability - Split Brain for more about High-Availability, with a focus on split brain.
  3. Status exchanges that are more aggressive than necessary cause the High-Availability status to flap easily.
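
The behaviour described under Cause and in step 3, as a simplified simulation (an added example, not Palo Alto Networks code or the PAN-OS implementation). The heartbeat interval, miss threshold and outage times are constructed values, and the function names are hypothetical.

```python
# Simplified model of heartbeat-based peer failure detection.
# Added example: not PAN-OS code. All timing values are constructed.

def heartbeat_slots(outages, interval_ms, duration_ms):
    """Yield (time_ms, received) for every heartbeat the peer sends.
    A heartbeat is lost only if it is sent while the link is down."""
    for t in range(0, duration_ms, interval_ms):
        link_down = any(start <= t < end for start, end in outages)
        yield t, not link_down

def failover_time(outages, interval_ms, miss_threshold, duration_ms=10_000):
    """Return the time (ms) the peer is declared down, or None if never.
    The peer is declared down after miss_threshold consecutive misses."""
    consecutive = 0
    for t, received in heartbeat_slots(outages, interval_ms, duration_ms):
        consecutive = 0 if received else consecutive + 1
        if consecutive >= miss_threshold:
            return t
    return None

# Constructed link-down windows as (start_ms, end_ms).
SHORT_FLAP = [(2100, 2600)]    # 500 ms flap between two heartbeats
LONG_OUTAGE = [(2100, 6000)]   # sustained outage

if __name__ == "__main__":
    cases = [
        ("short flap, 1000 ms x 3 misses", SHORT_FLAP, 1000, 3),
        ("long outage, 1000 ms x 3 misses", LONG_OUTAGE, 1000, 3),
        ("short flap, 100 ms x 3 misses (aggressive)", SHORT_FLAP, 100, 3),
    ]
    for label, outages, interval, threshold in cases:
        t = failover_time(outages, interval, threshold)
        result = f"failover at {t} ms" if t is not None else "no failover"
        print(f"{label}: {result}")
```

With the relaxed setting the 500 ms flap loses no heartbeat and the HA state is unchanged; with the aggressive setting the same flap is enough to declare the peer down.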

