3.1 Ensure a fully-synchronized High Availability peer is configured

Information

Ensure a High Availability peer is fully synchronized and in a passive or active state.

Rationale:

To ensure availability of both the firewall and the resources it protects, a High Availability peer is required. In the event a single firewall fails, or when maintenance such as a software update is required, the HA peer can be used to automatically fail over session states and maintain overall availability

Impact:

Not configuring High Availability (HA) correctly directly impacts the Availability of the system. With HA in place, standard maintenance such as OS updates, network and power cabling can be accomplished with no outage or a minimum impact.

Solution

Navigate to Device > High Availability > HA Communications.
Click HA Communications. Click Data Link (HA2). Select the correct interface. Select the desired protocol (IPv4 or IPv6). Select the correct Transport. Set the Enable Session Synchronization box to be checked.
Choose Save Configuration.

Default Value:

Not Configured

See Also

https://workbench.cisecurity.org/benchmarks/13792

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-13(5)

Plugin: Palo_Alto

Control ID: 6df5f12a8afbc11c5c80371e1999c4dd51a8dfc56a9e7375e17ab18451e3fcc2