Next-Generation Firewall
Verify Failover or Suspend HA
After configuring HA, you can verify that failover behaves as expected or suspend
HA.
Where Can I Use This? | What Do I Need? |
---|---|
|
For Strata Cloud Manager managed NGFWs:
|
Verifying failover functionality through controlled testing ensures that your HA
deployment will perform as expected during actual failure scenarios. By
intentionally triggering failover events and monitoring the transition process, you
can validate that session synchronization, IP address failover, and traffic handling
occur seamlessly, confirming that your high availability configuration will provide
the expected redundancy and business continuity when real failures occur.
Additionally, suspending High Availability temporarily disables the HA functionality
on a firewall, effectively taking it out of the HA pair while allowing you to
perform maintenance, troubleshooting, or testing activities without triggering an
unintended failover. When you suspend HA on the active firewall, it remains active
but stops sending heartbeat messages and ceases synchronization with its peer, while
suspending HA on the passive firewall prevents it from becoming active even if the
current active firewall fails. This administrative control is essential for planned
maintenance windows, configuration testing, or when you need to isolate one firewall
to diagnose issues without affecting the HA relationship permanently.
Verify Failover or Suspend HA (PAN-OS)
Suspend high availability (HA) for a managed firewall in an active/passive HA
configuration from PAN-OS. Suspend the HA for maintenance or to verify a
failover.
- Suspend the active firewall.
  - Select Device > High Availability > Operational Commands and click the Suspend local device link.
- Verify that the passive firewall has taken over as active.
  - On the Dashboard, verify that the state of the passive firewall changes to active in the High Availability widget.
- Restore the suspended firewall to a functional state. Wait for a couple of minutes, and then verify that preemption has occurred, if Preemptive is enabled.
  - On the firewall you previously suspended, select Device > High Availability > Operational Commands and click the Make local device functional link.
  - In the High Availability widget on the Dashboard, confirm that the firewall has taken over as the active firewall and that the peer is now in a passive state.
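As an added example (not part of the vendor documentation), the dashboard checks in the steps above can be scripted by comparing three HA state snapshots taken on the firewall being suspended. The XML shape is assumed to match the reply to the `show high-availability state` operational command; the `sample` replies, the function names, and the expectation that a restored firewall rejoins as passive when Preemptive is off are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample replies, shaped like the XML API output of the
# operational command "show high-availability state" (values are made up).
def sample(local, peer, preemptive="yes"):
    return ('<response status="success"><result><enabled>yes</enabled><group>'
            '<mode>Active-Passive</mode>'
            f'<local-info><state>{local}</state>'
            f'<preemptive>{preemptive}</preemptive></local-info>'
            f'<peer-info><state>{peer}</state></peer-info>'
            '</group></result></response>')

def ha_states(xml_text):
    """Return (local_state, peer_state, preemptive) from one reply."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success" or root.findtext("result/enabled") != "yes":
        raise ValueError("HA is not enabled or the query failed")
    group = root.find("result/group")
    if group is None:
        raise ValueError("reply has no HA group section")
    return (group.findtext("local-info/state"),
            group.findtext("peer-info/state"),
            group.findtext("local-info/preemptive") == "yes")

def check_failover_test(before, suspended, restored):
    """Compare snapshots taken before suspend, after suspend, after restore."""
    problems = []
    b_local, b_peer, preempt = ha_states(before)
    if (b_local, b_peer) != ("active", "passive"):
        problems.append(f"baseline is {b_local}/{b_peer}, expected active/passive")
    s_local, s_peer, _ = ha_states(suspended)
    if s_local != "suspended":
        problems.append(f"local state is {s_local} after suspend")
    if s_peer != "active":
        problems.append(f"peer did not take over (peer state {s_peer})")
    r_local, r_peer, _ = ha_states(restored)
    # With Preemptive enabled the restored firewall should reclaim active;
    # without it (assumption), it rejoins as passive and the peer stays active.
    expected = ("active", "passive") if preempt else ("passive", "active")
    if (r_local, r_peer) != expected:
        problems.append(f"after restore got {r_local}/{r_peer}, "
                        f"expected {'/'.join(expected)}")
    return problems
```

An empty list means all three snapshots match the expected sequence; take the third snapshot only after the couple of minutes the procedure allows for preemption.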
Verify Failover or Suspend HA (SCM)
Suspend high availability (HA) for a managed firewall in an active/passive HA configuration from Strata Cloud Manager. Suspend the HA for maintenance or to verify a failover.
- Log in to Strata Cloud Manager.
- Configure Active/Passive HA.
- Suspend HA for the HA peer.
  - Select Workflows > NGFW Setup > Device Management > System Settings > Device Management > Cloud Managed Devices and locate the HA peer for which you want to suspend HA.
  - In the Actions column, expand the menu and Suspend HA.
  - Click OK to confirm suspending HA on the HA peer.
  - Verify the HA status for the now suspended HA peer displays suspended.
- Restore HA for the suspended HA peer.
  - Select Workflows > NGFW Setup > Device Management > System Settings > Device Management > Cloud Managed Devices and locate the suspended HA.
  - In the Actions column, expand the menu and Restore HA.
  - Click OK to confirm restoring HA on the suspended HA peer.
  - Verify the HA status for the restored HA peer displays active.