-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
How to fix Secondary Firewall (HA Pair) connection issue with NSM
11/12/2024 
18 People found this article helpful
102,450 Views
Description
When a High Availability Pair(HA Pair) is onboarded in NSM, the Primary Firewall gets synced and connected but the Secondary Firewall shows not connected under Zero Touch Status.
Resolution
In certain instances, when an HA Pair gets acquired on NSM, Primary Zero Touch Status shows up as "Connected" but Secondary as "Disconnected".
We could see the following error messages for Disconnected Zero Touch Status for secondary firewall in NSM:
- Auth code missing or connection authentication failed.
- no Zero touch heartbeat response.
- ZT status for Secondary Standby unit shows "Unknown" in NSM.
Steps to troubleshoot for the following error messages:
1. Auth code missing or connection authentication failed or missing license keyset:
- To fix this issue, Reset Licenses and Security Services Info from diag page of Primary(Active) firewall. This will reset license on secondary firewall as well.
URL for diag page for Gen6 firewalls: https://x.x.x.x/diag.html
URL for diag page for Gen7 firewalls: https://x.x.x.x/sonicui/7/m/diag
CAUTION: Gen 7 firewall will reboot as soon as we Click "Reset Licenses and Security Services Info" in diag. Make sure to do this activity during maintenance window.
- After the license reset is completed, register both primary and secondary firewall separately.
If issue persists after license reset and re register, contact SonicWall Technical Support.
2. no Zero touch heartbeat response OR ZT status for Secondary Standby unit shows "Unknown" in NSM.
- Make sure that HA monitoring IPs are configured either on X0 interface or X1 interface for both Primary and Secondary.
- If Wan Failover and Load Balancing is configured on the firewall like Round Robin or Ratio etc, make sure to Enable the "Use Source and Destination IP Address Binding" so that Zero Touch connectivity uses only one wan connection.
- Check and make sure “Check Network Connectivity” tests from Device->Diagnostics from standby secondary firewall is successful.
- If network connectivity fails from Standby firewall, packet capture needs to be done in order to troubleshoot the issue further. Contact SonicWall Technical Support.
Ideal Zero Touch Status for Primary and Secondary Firewall in NSM should show like this:
Related Articles
- How to reset or update system time on analytics on-prem?
- Threat name in NSM SaaS/NSM On-Prem/Analytics
YES
NO