High Availability setup not working - Error Contacting Peer HA Firewall

10/14/2021 75 People found this article helpful 42,842 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

This article describe one known issue when setting up a new High Availability Pair.

After configuring the HA on the primary firewall as per How to Configure High Availability (HA), the Primary firewall will show the message "Error Contacting Peer HA Firewall".

Cause

This error might be related to:

• Portshield enabled on the Secondary (Peer) Firewall's interfaces
• Administration Password is not the default one or is not the same on both firewalls.

Resolution

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

• Check the Portshield status on the Secondary (Peer) firewall's interfaces: How to disable PortShield
• On the Primary firewall, change the Administration Password to the default one:
  1. Navigate to the Manage tab
  2. Go to Appliance | Base Settings and scroll down to Administrator Name & Password
  3. Set a new password for the Administration that is identical to the Secondary administration password.

     CAUTION: It's highly suggested using the default password since we assume the secondary is on factory default and so it's set to the default password as well.

After doing this, if everything is properly set up (control interface properly connected, serial numbers correct on HA configuration and portshield disabled on the Secondary), the HA should start the process of synchronizing the configuration.

The Administration Password can be, of course, changed back to a custom one after the HA Pair is correctly synchronized.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

• Check the Portshield status on the Secondary (Peer) firewall's interfaces: How to disable PortShield
  
• On the Primary firewall, change the Administration Password to the default one:
  1. Go to System | Administration and scroll down to Administrator Name & Password
  2. Set a new password for the Administration that is identical to the Secondary administration password.

      CAUTION: It's highly suggested using the default password since we assume the secondary is on factory default and so it's set to the default password as well.

After doing this, if everything is properly set up (control interface properly connected, serial numbers correct on HA configuration and portshield disabled on the Secondary), the HA should start the process of synchronizing the configuration.

The Administration Password can be, of course, changed back to a custom one after the HA Pair is correctly synchronized.

Related Articles

• How to force an update of the Security Services Signatures from the Firewall GUI
• How to upload security services signatures manually on Closed Environments?
• How to Create Gen 7 Settings File by Using the Online Migration Tool

Categories

• Firewalls > NSa Series > High Availability
• Firewalls > SonicWall NSA Series > High Availability
• Firewalls > TZ Series > High Availability
• Firewalls > SonicWall SuperMassive 9000 Series > High Availability