>
    Strata Copilot
    Verify Failover or Suspend HA
    Focus
    Download PDF
    Focus
    1. Home
    2. Next-Generation Firewall
    3. High Availability
    4. Set Up Active/Passive HA
    5. Verify Failover or Suspend HA
    Download PDF
    Next-Generation Firewall

    Verify Failover or Suspend HA

    Table of Contents

    Verify Failover or Suspend HA

    After configuring HA, you can verify that failover behaves as expected or suspend HA.
    Where Can I Use This?What Do I Need?
    • NGFW
    For Strata Cloud Manager managed NGFWs:
    • Strata Cloud Manager Pro
    Verifying failover functionality through controlled testing ensures that your HA deployment will perform as expected during actual failure scenarios. By intentionally triggering failover events and monitoring the transition process, you can validate that session synchronization, IP address failover, and traffic handling occur seamlessly, confirming that your high availability configuration will provide the expected redundancy and business continuity when real failures occur.
    Additionally, suspending High Availability temporarily disables the HA functionality on a firewall, effectively taking it out of the HA pair while allowing you to perform maintenance, troubleshooting, or testing activities without triggering an unintended failover. When you suspend HA on the active firewall, it remains active but stops sending heartbeat messages and ceases synchronization with its peer, while suspending HA on the passive firewall prevents it from becoming active even if the current active firewall fails. This administrative control is essential for planned maintenance windows, configuration testing, or when you need to isolate one firewall to diagnose issues without affecting the HA relationship permanently.

    Verify Failover or Suspend HA(PAN-OS)

    Suspend high availability (HA) for a managed firewall in an active/passive HA configuration from PAN-OS. Suspend the HA for maintenance or to verify a failover.
    1. Suspend the active firewall.
      Select DeviceHigh AvailabilityOperational Commands and click the Suspend local device link.
    2. Verify that the passive firewall has taken over as active.
      On the Dashboard, verify that the state of the passive firewall changes to active in the High Availability widget.
    3. Restore the suspended firewall to a functional state. Wait for a couple of minutes, and then verify that preemption has occurred, if Preemptive is enabled.
      1. On the firewall you previously suspended, select DeviceHigh AvailabilityOperational Commands and click the Make local device functional link.
      2. In the High Availability widget on the Dashboard, confirm that the firewall has taken over as the active firewall and that the peer is now in a passive state.

    Verify Failover or Suspend HA (SCM)

    Suspend high availability (HA) for a managed firewall in an active/passive HA configuration from Strata Cloud Manager. Suspend the HA for maintenance or to verify a failover.
    1. Log in to Strata Cloud Manager.
    2. Configure Active/Passive HA.
    3. Suspend HA for the HA peer.
      1. Select WorkflowsNGFW SetupDevice ManagementSystem SettingsDevice ManagementCloud Managed Devices and locate the HA peer for which you want to suspend HA.
      2. In the Actions column, expand the menu and Suspend HA.
        Click OK to confirm suspending HA on the HA peer.
      3. Verify the HA status for the now suspended HA peer displays suspended.
    4. Restore HA for the suspended HA peer.
      1. Select WorkflowsNGFW SetupDevice ManagementSystem SettingsDevice ManagementCloud Managed Devices and locate the suspended HA.
      2. In the Actions column, expand the menu and Restore HA.
        Click OK to confirm restoring HA on the suspended HA peer.
      3. Verify the HA status for the restored HA peer displays active.

    © 2026 Palo Alto Networks, Inc. All rights reserved.