Palo Alto Firewall HA CLI Commands

>show high-availability all
>show high-availability state
>show high-availability link-monitoring
>show high-availability path-monitoring

Configuring High Availability: https://live.paloaltonetworks.com/docs/DOC-2926

After enabling HA, the interfaces on the firewall will switch from using the interface MAC address to a virtual MAC address.  In my case, the Palo Alto updated the MAC address to connected devices, except for the loopback interfaces. I had to clear the arp table of my internet edge routers to update the MAC of the loopbacks (I’m terminating GlobalProtect to the loopback interfaces).

More information regarding the MAC address change can be found here: https://live.paloaltonetworks.com/docs/DOC-4144

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s