Thursday, August 13, 2020

Issue with PA 5220 Active/Passive Nexus vPC

I'm looking for some insight on the proper config for our Palo HA pair. We tried doing a firmware upgrade since there was a critical release a couple of weeks ago regarding the SAML patch, and it went poorly to say the least. This is the first time I think we have actually had to fail over since I've been here.

Our Current Setup https://imgur.com/a/HRZPdC5

We have two Palo Alto 5220s in HA. Each is connected to two Nexus 3000 switches via vPC.

The upgrade path went like this:

- We upgraded FW2, since it was already passive.

- Manually failed over to FW2 and upgraded FW1

- Manually failed back over to FW1, then no internet traffic/management etc.

For whatever reason now, FW1 is unusable, can login but it just will not route any traffic. Currently we just suspended FW1 and are running on the one.

Anyone have a similar setup? Anything I should be doing different?

Thanks for any insight!
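One thing a practitioner would want between the "upgrade FW1" and "fail back to FW1" steps above is a check that the freshly upgraded peer is actually healthy before traffic is moved onto it. The script below is an added example, not code from the original post or from Palo Alto Networks: it parses the XML returned by the PAN-OS operational command `show high-availability state` (sent through the XML API as `type=op`) and refuses the failback unless the peer reports itself as passive with a matching PAN-OS build and a synchronized running config. The two XML documents are constructed samples; the element names (`local-info/state`, `peer-info/state`, `peer-info/conn-status`, `build-rel`, `running-sync`) are taken from memory of that command's output and are assumptions to verify against your own firewall's response before relying on the script.

```python
"""Pre-failback sanity check for a PAN-OS active/passive HA pair.

Added example (not from the original post). Element names in the XML
below are assumed from `show high-availability state` output and must be
verified against the version you run.
"""
import xml.etree.ElementTree as ET

# XML form of the op command to send as the `cmd=` parameter of a
# type=op request to the PAN-OS XML API.
HA_STATE_CMD = "<show><high-availability><state></state></high-availability></show>"

# Constructed sample: what a healthy pair looks like after both peers
# were upgraded (same build, peer passive, config synchronized).
HEALTHY = """<response status="success"><result>
  <enabled>yes</enabled>
  <group>
    <local-info>
      <state>active</state><mode>Active-Passive</mode><build-rel>9.1.4</build-rel>
    </local-info>
    <peer-info>
      <state>passive</state><conn-status>up</conn-status><build-rel>9.1.4</build-rel>
    </peer-info>
    <running-sync>synchronized</running-sync>
  </group>
</result></response>"""

# Constructed sample: peer came back non-functional, build mismatch,
# config not synchronized; failing back here would drop traffic.
DEGRADED = """<response status="success"><result>
  <enabled>yes</enabled>
  <group>
    <local-info>
      <state>active</state><mode>Active-Passive</mode><build-rel>9.1.4</build-rel>
    </local-info>
    <peer-info>
      <state>non-functional</state><conn-status>up</conn-status><build-rel>9.1.3</build-rel>
    </peer-info>
    <running-sync>not synchronized</running-sync>
  </group>
</result></response>"""


def parse_ha_state(xml_text):
    """Flatten the fields we care about into a dict of lower-cased strings."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError("API call did not succeed: " + ET.tostring(root, encoding="unicode"))

    def text(path):
        node = root.find(path)
        return (node.text or "").strip().lower() if node is not None else ""

    return {
        "enabled": text("./result/enabled"),
        "mode": text("./result/group/local-info/mode"),
        "local_state": text("./result/group/local-info/state"),
        "local_build": text("./result/group/local-info/build-rel"),
        "peer_state": text("./result/group/peer-info/state"),
        "peer_conn": text("./result/group/peer-info/conn-status"),
        "peer_build": text("./result/group/peer-info/build-rel"),
        "running_sync": text("./result/group/running-sync"),
    }


def failback_blockers(ha):
    """Return a list of human-readable reasons not to fail over to the peer.

    Run this on the currently active unit (FW2 in the post's scenario)
    before handing traffic back to the just-upgraded unit (FW1).
    """
    blockers = []
    if ha["enabled"] != "yes":
        blockers.append("HA is not enabled on the local unit")
    if ha["mode"] != "active-passive":
        blockers.append("HA mode is %r, expected active-passive" % ha["mode"])
    if ha["local_state"] != "active":
        blockers.append("local unit is %r, not active" % ha["local_state"])
    if ha["peer_state"] != "passive":
        # non-functional / suspended / initial / tentative all mean the peer
        # cannot take traffic yet.
        blockers.append("peer is %r, not passive" % ha["peer_state"])
    if ha["peer_conn"] != "up":
        blockers.append("HA control link to peer is %r" % ha["peer_conn"])
    if ha["local_build"] != ha["peer_build"]:
        blockers.append("build mismatch: local %s vs peer %s" % (ha["local_build"], ha["peer_build"]))
    if ha["running_sync"] != "synchronized":
        blockers.append("running config is %r" % ha["running_sync"])
    return blockers


def safe_to_failback(ha):
    """True only when no blocker was found."""
    return not failback_blockers(ha)


if __name__ == "__main__":
    for label, doc in (("healthy", HEALTHY), ("degraded", DEGRADED)):
        state = parse_ha_state(doc)
        print(label, "safe" if safe_to_failback(state) else "BLOCKED", failback_blockers(state))
```

In practice the XML would come from `https://<fw>/api/?type=op&key=<api-key>&cmd=<HA_STATE_CMD>` on the active unit rather than from the embedded samples; the point is that a peer showing anything other than `passive`, a different `build-rel`, or an unsynchronized running config is exactly the situation where failing back yields a unit that accepts logins but forwards nothing.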
