High Availability setup not working - Error Contacting Peer HA Firewall

08/23/2021 72 10904

DESCRIPTION:

This article describe one known issue when setting up a new High Availability Pair.

After configuring the HA on the primary firewall as per How to Configure High Availability (HA), the Primary firewall will show the message "Error Contacting Peer HA Firewall".

CAUSE:

This error might be related to:

• Portshield enabled on the Secondary (Peer) Firewall's interfaces
• Administration Password is not the default one or is not the same on both firewalls.

RESOLUTION:

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

• Check the Portshield status on the Secondary (Peer) firewall's interfaces: How to disable PortShield
• On the Primary firewall, change the Administration Password to the default one:
  1. Navigate to the Manage tab
  2. Go to Appliance | Base Settings and scroll down to Administrator Name & Password
  3. Set a new password for the Administration that is identical to the Secondary administration password.

     CAUTION: It's highly suggested using the default password since we assume the secondary is on factory default and so it's set to the default password as well.

After doing this, if everything is properly set up (control interface properly connected, serial numbers correct on HA configuration and portshield disabled on the Secondary), the HA should start the process of synchronizing the configuration.

The Administration Password can be, of course, changed back to a custom one after the HA Pair is correctly synchronized.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

• Check the Portshield status on the Secondary (Peer) firewall's interfaces: How to disable PortShield
• On the Primary firewall, change the Administration Password to the default one:
  1. Go to System | Administration and scroll down to Administrator Name & Password
  2. Set a new password for the Administration that is identical to the Secondary administration password.

      CAUTION: It's highly suggested using the default password since we assume the secondary is on factory default and so it's set to the default password as well.

After doing this, if everything is properly set up (control interface properly connected, serial numbers correct on HA configuration and portshield disabled on the Secondary), the HA should start the process of synchronizing the configuration.

The Administration Password can be, of course, changed back to a custom one after the HA Pair is correctly synchronized.