Hello, good afternoon, thank you very much for your collaboration as always, please your help and support to clarify the following:
Thinking about HA issues, I understand that the recommendation will always be to use Active/Passive OK on that side.
I have a couple of questions about HA:
-When a FAILOVER occurs based on the example of a Link Monitor and/or a Path Monitor. The passive team goes on to take the ROLE of passive. Then let's say that the initial failover condition is validated and recovered to return the Main device to Active again, this must be done manually, right?
-Derived from the above, the issue of the preemtive is in relation to restarts, let's say when there are restarts or when an upgrade is typically performed and you must deactivate the preemtive and then restart for the upgrades, at this point when activating the Preemtive again, With the two computers already restarted and operational, the preemtive will not leave the Principal as active again, the one with the best priority, automatically or should it be manually?
I remain attentive, thank you very much as always, greetings and attentive to your comments.
With preempt enabled on both devices, the member with lowest priority # becomes active If preempt is not enabled on one or both members, fail over only happens manually (or if something fails)
Hello Reaper, good evening, thanks, ok I understand, but once again activate the Preemtive, and after the reboots for the update/upgrade, the firewall with the lowest priority number (the lower the higher the priority) will automatically assume the main firewall will assume the role of Active HA ?
I remain attentive, thank you very much, greetings and attentive to your comments.
HA in Palo alto is just a little different than your traditional clustering By default devices will not automatically recover after a failure. With preempt enabled, the primary device (lowest priority) will automatically assume the active role after a hold-time expires. If the failure reoccurs it will fail again and start the hold time again. If after 3 tries (configurable) the system failed again (path still down) it will become 'non-functional' and remain inactive till an administrator resets the state Due to this automatic nature of preempt it is recommended to disable it during upgrades to prevent your system from automatically failing over while you're performing maintenance