3.1 Ensure a fully-synchronized High Availability peer is configured

Information

Ensure a High Availability peer is fully synchronized and in a passive or active state.
Rationale:
To ensure availability of both the firewall and the resources it protects, a High Availability peer is required. In the event a single firewall fails, or when maintenance such as a software update is required, the HA peer can be used to automatically fail over session states and maintain overall availability

Solution

Navigate to Device > High Availability > General.
Click General. Click Data Link (HA2). Select the correct interface. Select the desired protocol (IPv4 or IPv6). Select the correct Transport. Set the Enable Session Synchronization box to be checked.
Choose Save Configuration.
Impact:
Not configuring High Availability (HA) correctly directly impacts the Availability of the system. With HA in place, standard maintenance such as OS updates, network and power cabling can be accomplished with no outage or a minimum impact.
Default Value:
Not Configured

See Also

https://workbench.cisecurity.org/files/2104

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CSCv6|11, CSCv7|11

Plugin: Palo_Alto

Control ID: c78a9806cefff3725fce7fe9991871b854b271350e8838873c4f09c3cf4c2d64