Commit fails with error "High-availability ha2 and ha2-backup ports overlap(Module: ha_agent)"

• Configuring High Availability on a PA 5450 or a PA-7000 Series Firewall.
• HSCI-A and HSCI-B ports are used for HA connectivity
• After configuring HSCI-A port as HA2 active, configuring HSCI-B interface as HA2 backup fails with commit error.

High-availability ha2 and ha2-backup ports overlap(Module: ha_agent)
client ha_agent phase 1 failure
Configuration is invalid

• PA-5450 Firewall
• PA-7000 Series Firewall
• Supported PAN-OS
• High Availability

• HSCI-A and HSCI-B are treated as a single, aggregated interface at the PAN-OS level to increase bandwidth between firewalls via the HA2 link.
• Thus when HA2 is configured using HSCI-A port, HSCI-B port cannot be used for backup as they are treated a single link.
• If HA2 Backup is needed, both links must be moved to Data Plane interfaces and HSCI ports cannot longer be used, since mixing HSCI and Data Plane interfaces for HA2 and HA2 backup is not supported.

1. Configure the HA2 link parameters after connecting the HSCI Ports.
2. HA-2 Backup link is not needed in this case as both ports are treated as a single interface providing redundancy.
3. Not configuring HA-2 backup will resolve the commit error.
4. If the design needs HA-2 backup, configure dataplane ports for HA as mixing of HSCI and dataplane interfaces for HA2 and HA2backup is not supported.
5. Refer HSCI Ports for details.

•  PA-5400 Series
•  PA-7000 Series