3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Link Monitoring Failure Condition

Information

Configure Link Monitoring and/or Path Monitoring under High Availability options. If Link Monitoring is utilized, all links critical to traffic flow should be monitored.

Rationale:
If Link or Path Monitoring is not enabled, the standby firewall will not automatically take over as active if a critical link fails on the active firewall. Services through the firewall could become unavailable as a result.

Solution

To set Link Monitoring from GUI:
Navigate to Device > High Availability > Link and Path Monitoring.
Click Link Monitoring.
Set the correct interfaces to the Link Group and Group Failure Conditions.
Click Link Monitoring.
Set Failure Condition to Any.
Check Enabled button.

To set Path Monitoring from GUI:
Navigate to Device > High Availability > Link and Path Monitoring.
Click Path Monitoring.
Set Option correctly.
Set Failure Condition to Any.
Set Name, IP Address, Failure Condition correctly.
Set Default setting to Any.
Check Enabled button.

Default Value:
Not Configured
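
The settings above can also be checked offline against an exported configuration. The following is an added example, not the CIS or plugin check itself: the element names (`link-monitoring`, `path-monitoring`, `failure-condition`, `link-group`, `path-group`) are assumed to match the PAN-OS configuration XML, the sample is constructed, and a missing element is reported as a finding rather than treated as a safe default.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real device. Element names are assumed
# to match the PAN-OS configuration XML under deviceconfig/high-availability.
SAMPLE = """<high-availability><group><monitoring>
  <link-monitoring>
    <enabled>yes</enabled>
    <failure-condition>any</failure-condition>
    <link-group><entry name="critical-links">
      <enabled>yes</enabled>
      <failure-condition>any</failure-condition>
      <interface><member>ethernet1/1</member></interface>
    </entry></link-group>
  </link-monitoring>
  <path-monitoring><enabled>no</enabled></path-monitoring>
</monitoring></group></high-availability>"""


def audit_monitor(root, kind, group_tag):
    """Return findings for one monitor type; an empty list means it passes."""
    node = root.find(f".//{kind}")
    if node is None:
        return [f"{kind}: not configured"]
    findings = []
    # A missing element is reported rather than assumed to be a safe default.
    if node.findtext("enabled") != "yes":
        findings.append(f"{kind}: not enabled")
    if node.findtext("failure-condition") != "any":
        findings.append(f"{kind}: failure condition is not 'any'")
    groups = node.findall(f"{group_tag}//entry")
    if not groups:
        findings.append(f"{kind}: no {group_tag} defined")
    if kind == "link-monitoring":
        for g in groups:
            if g.find("interface/member") is None:
                findings.append(f"link-group {g.get('name')}: no interfaces")
    return findings


def audit_ha(xml_text):
    """Pass when Link Monitoring and/or Path Monitoring is fully configured."""
    root = ET.fromstring(xml_text)
    results = {
        "link-monitoring": audit_monitor(root, "link-monitoring", "link-group"),
        "path-monitoring": audit_monitor(root, "path-monitoring", "path-group"),
    }
    return any(not f for f in results.values()), results


if __name__ == "__main__":
    ok, results = audit_ha(SAMPLE)
    print("PASS" if ok else "FAIL", results)
```

The check confirms that a link group lists at least one interface, but whether those are all the links critical to traffic flow still needs a reviewer's judgement.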

See Also

https://workbench.cisecurity.org/files/1664

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-13(5)

Plugin: Palo_Alto

Control ID: ed1abdab50169eb9f8a5951c423794624e7d7185e3a6fd5e0b3295b452653f1b