Ensure a fully-synchronized High Availability peer is configured

Details

Ensure a High Availability peer is fully synchronized and in a passive or active state.

Rationale:

To ensure availability of both the firewall and the resources it protects, a High Availability peer is required. If a single firewall fails, or when maintenance such as a software update is required, the HA peer can be used to automatically fail over session states and maintain overall availability.

Solution

Navigate to Device > High Availability > General.
Click General.
Click Data Link (HA2).
Select the correct interface.
Select the desired protocol (IPv4 or IPv6).
Select the correct Transport.
Check the Enable Session Synchronization box.
Choose Save Configuration.
Impact:
Not configuring High Availability (HA) correctly directly impacts the availability of the system. With HA in place, standard maintenance such as OS updates, network and power cabling can be accomplished with no outage or with minimal impact.
Default Value:
Not Configured
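
One way to verify the result of this control from a saved operational response (an added example, not part of the benchmark or of Palo Alto's tooling). It assumes the XML returned for `show high-availability state` has the element names used below; the sample responses are constructed, so compare them with your own device's output before relying on the check.

```python
import xml.etree.ElementTree as ET

# Constructed sample responses. Element names are assumptions about the
# "show high-availability state" XML; confirm them against a real device.
SAMPLE_OK = """<response status="success"><result>
  <enabled>yes</enabled>
  <group>
    <mode>Active-Passive</mode>
    <local-info><state>active</state></local-info>
    <peer-info><state>passive</state><conn-status>up</conn-status></peer-info>
    <running-sync>synchronized</running-sync>
  </group>
</result></response>"""
SAMPLE_NO_HA = ('<response status="success"><result>'
                '<enabled>no</enabled></result></response>')

HEALTHY_STATES = {"active", "passive"}  # states the control accepts


def audit_ha_state(xml_text):
    """Return a list of findings; an empty list means the control passes."""
    try:
        result = ET.fromstring(xml_text).find("result")
    except ET.ParseError as exc:
        return [f"unparseable response: {exc}"]
    if result is None:
        return ["response has no <result> element"]

    def text(path):
        return (result.findtext(path) or "").strip().lower()

    if text("enabled") != "yes":
        return ["HA is not enabled (default: Not Configured)"]

    findings = []
    for side in ("local-info", "peer-info"):
        state = text(f"group/{side}/state")
        if state not in HEALTHY_STATES:
            findings.append(f"{side} state is {state or 'missing'!r}")
    sync = text("group/running-sync")
    if sync != "synchronized":
        findings.append(f"running-sync is {sync or 'missing'!r}")
    return findings


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("no-ha", SAMPLE_NO_HA)):
        print(name, audit_ha_state(sample) or "PASS")
```

A peer that is connected but suspended, or whose configuration has drifted out of sync, is reported as a finding even though HA is enabled.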

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity. This control applies to the following type of system: Palo_Alto.

Updated on July 16, 2022