-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
High Availability setup not working - Error Contacting Peer HA Firewall
09/09/2024 
168 People found this article helpful
485,302 Views
Description
This article describe one known issue when setting up a new High Availability Pair.
After configuring the HA on the primary firewall as per How to Configure High Availability (HA), the Primary firewall will show the message "Error Contacting Peer HA Firewall" ; "Cannot force failover: Peer's link status is worse than us"
Cause
This error might be related to one of the following:
- Version mismatched, both firewall Firewall doesn't have the same Firmware version.
- You have a cabling issue. This means the standbys unit has less links that are up than the primary; Meaning: your standy unit has an interface that is down, but on the primary it's up.
-
Portshield enabled on the Secondary (Peer) Firewall's interfaces
-
Administration Password is not the default one or is not the same on both firewalls.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
- Check the current SonicWall firewall firmware version
- Login to the SonicWall Management interface.
- Navigate to the Dashboard.
- Go to Overview | Device | General
- You will able to see the firmware version under General
- Check the Portshield status on the Secondary (Peer) firewall's interfaces: How to disable Portshield
- On the Primary firewall, change the Administration Password to the default one:
- Navigate to the Device Tab.
- Go to Settings| Administration Settings and scroll down to Administrator Name & Password
- Set a new password for the Administration that is identical to the Secondary administration password.
CAUTION: It's highly suggested to use the default password since we assume the secondary is on factory default and so it's set to the default password as well.
After doing this, if everything is properly set up (control interface properly connected, serial numbers correct on HA configuration, and port shield disabled on the Secondary), the HA should start the process of synchronizing the configuration.
The Administration Password can be, of course, changed back to a custom one after the HA Pair is correctly synchronized.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
- Check the current SonicWall firewall firmware version
- Login to the SonicWall Management interface.
- Navigate to the Monitor tab.
- Go to System Status.
- You will able to see the firmware version under System Information.
- Check the Portshield status on the Secondary (Peer) firewall's interfaces: How to disable Portshield
- On the Primary firewall, change the Administration Password to the default one:
- Navigate to the Manage tab
- Go to Appliance | Base Settings and scroll down to Administrator Name & Password
- Set a new password for the Administration that is identical to the Secondary administration password. CAUTION: It's highly suggested to use the default password since we assume the secondary is on factory default and so it's set to the default password as well.
After doing this, if everything is properly set up (control interface properly connected, serial numbers correct on HA configuration, and port shield disabled on the Secondary), the HA should start the process of synchronizing the configuration.
The Administration Password can be, of course, changed back to a custom one after the HA Pair is correctly synchronized.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
- Check the Portshield status on the Secondary (Peer) firewall's interfaces: How to disable Portshield
- On the Primary firewall, change the Administration Password to the default one:
- Go to System | Administration and scroll down to Administrator Name & Password
- Set a new password for the Administration that is identical to the Secondary administration password. CAUTION: It's highly suggested to use the default password since we assume the secondary is on factory default and so it's set to the default password as well.
After doing this, if everything is properly set up (control interface properly connected, serial numbers correct on HA configuration, and port shield disabled on the Secondary), the HA should start the process of synchronizing the configuration.
The Administration Password can be, of course, changed back to a custom one after the HA Pair is correctly synchronized.
Related Articles
- How to Block Google QUIC Protocol on SonicOSX 7.0?
- How to block certain Keywords on SonicOSX 7.0?
- How internal Interfaces can obtain Global IPv6 Addresses using DHCPv6 Prefix Delegation
Categories
- Firewalls > NSa Series > High Availability
- Firewalls > SonicWall NSA Series > High Availability
- Firewalls > TZ Series > High Availability
- Firewalls > SonicWall SuperMassive 9000 Series > High Availability
YES
NO