Details
Configure Link Monitoring and/or Path Monitoring under High Availability options. If Link Monitoring is utilized, all links critical to traffic flow should be monitored.
Rationale:
If Link or Path Monitoring is not enabled, the standby router will not automatically take over as active if a critical link fails on the active firewall. Services through the firewall could become unavailable as a result.
Solution
To set Link Monitoring from GUI:
Navigate to Device > High Availability > Link and Path Monitoring.
Click Link Monitoring.
Set the correct interfaces to the Link Group and Group Failure Conditions.
Click Link Monitoring.
Set Failure Condition to Any.
To set Path Monitoring from GUI:
Navigate to Device > High Availability > Link and Path Monitoring.
Click Path Monitoring.
Set Option correctly.
Set Name, IP Address, Failure Condition correctly.
Set Failure Condition to Any.
Set Default setting to Any.
Default Value:
Not Configured
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Palo_Alto.