Manually failing over a few minutes after an HA passive device comes back up from reboot always results in a path monitoring failure on the new HA active device
313
Created On 12/02/25 00:59 AM - Last Modified 01/05/26 20:41 PM
Symptom
- HA passive device has been rebooted.
- Manually failing over a few minutes after an HA passive device comes back up always results in a path monitoring failure on the new HA active device.
- The issue is normally observed during PAN-OS upgrade.
admin@PA-460(active)> show log system direction equal backward | match "path-mo\|1/[34]: MAC Up\|state-c\|ha2-lin.*up$\|Autocom\|system-\|System"
2025/09/09 01:57:16 critical routing defaul path-mo 2 Path monitoring for static route destination 0.0.0.0/0 with next hop XX.XX.XXX.YY recovered. Route restored.
2025/09/09 01:57:16 critical routing defaul path-mo 2 Path monitoring for static route destination 0.0.0.0/0 with next hop XX.XX.XXX.XX recovered. Route restored.
2025/09/09 01:56:40 info port ethern link-ch 0 Port ethernet1/4: MAC Up
2025/09/09 01:56:39 info port ethern link-ch 0 Port ethernet1/3: MAC Up
2025/09/09 01:56:39 critical routing defaul path-mo 2 Path monitoring failed for static route destination 0.0.0.0/0 with next hop XX.XX.XXX.YY. Route removed. <---
2025/09/09 01:56:39 critical routing defaul path-mo 2 Path monitoring failed for static route destination 0.0.0.0/0 with next hop XX.XX.XXX.XX. Route removed. <---
2025/09/09 01:56:35 high ha state-c 0 HA Group 55: Moved from state Passive to state Active <---
2025/09/09 01:54:50 info ha state-c 0 HA Group 55: Moved from state Initial to state Passive <---
2025/09/09 01:54:43 info ha ha2-lin 0 HA2-Backup peer link up
2025/09/09 01:54:43 info ha ha2-lin 0 HA2 peer link up
2025/09/09 01:54:27 info ha ha2-lin 0 HA2-Backup link up
2025/09/09 01:54:21 info ha ha2-lin 0 HA2 link up
2025/09/09 01:54:10 info general general 0 Autocommit job succeeded
2025/09/09 01:54:04 high general system- 1 The system is starting up.
2025/09/09 01:49:27 info ha state-c 0 HA Group 55: Moved from state Passive to state Suspended
2025/09/09 01:49:27 high general system- 1 The system is shutting down due to CLI Initiated.
2025/09/09 01:49:27 high general general 0 System restart requested by admin <---Environment
- PA-Series Next-Generation Firewalls
- PAN-OS 10.2 branch
Resolution
- Connect HA2 port of an HA Active and a Passive devices directly.
- Enable "HA2 Keep-alive" option under GUI: Device > High Availability > HA Communications > Data Links > HA2
Note:
The "HA2 Keep-alive" configuration is not synchronized between an HA Active and a Passive devices, so enable the option and commit on each device.
Additional Information
N/A