High Availability setup not working - Error Contacting Peer HA Firewall

03/26/2020 46 8423

DESCRIPTION:

This article describe one known issue when setting up a new High Availability Pair.

After configuring the HA on the primary firewall as per How to Configure High Availability (HA), the Primary firewall will show the message "Error Contacting Peer HA Firewall".

CAUSE:

This error might be related to:

• Portshield enabled on the Secondary (Peer) Firewall's interfaces
• Administration Password is not the default one or is not the same on both firewalls.

RESOLUTION:

• Check the Portshield status on the Secondary (Peer) firewall's interfaces: How to disable PortShield
• On the Primary firewall, change the Administration Password to the default one:
  1. Go to System | Administration and scroll down to Administrator Name & Password
  2. Set a new password for the Administration that is identical to the Secondary administration password.

     CAUTION: It's highly suggested using the default password since we assume the secondary is on factory default and so it's set to the default password as well.

After doing this, if everything is properly set up (control interface properly connected, serial numbers correct on HA configuration and portshield disabled on the Secondary), the HA should start the process of synchronizing the configuration.

The Administration Password can be, of course, changed back to a custom one after the HA Pair is correctly synchronized.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

• Check the Portshield status on the Secondary (Peer) firewall's interfaces: How to disable PortShield
• On the Primary firewall, change the Administration Password to the default one:
  1. Navigate to the Manage tab
  2. Go to Appliance | Base Settings and scroll down to Administrator Name & Password
  3. Set a new password for the Administration that is identical to the Secondary administration password.

     CAUTION: It's highly suggested using the default password since we assume the secondary is on factory default and so it's set to the default password as well.

After doing this, if everything is properly set up (control interface properly connected, serial numbers correct on HA configuration and portshield disabled on the Secondary), the HA should start the process of synchronizing the configuration.

The Administration Password can be, of course, changed back to a custom one after the HA Pair is correctly synchronized.