HA suspend, reboot and automatic make local without intervention.
Hello dear friends, very good evening, I would like to comment on the following.
I have upgraded a couple of firewalls from version 9.1.12 to 9.1.13-h3, these firewalls managed by Panorama.
All normal, I started with the passive, upgrade, reboot, all good, then move to the active "I suspended the Firewall", pass the traffic to the passive and upgrade the main firewall and there that the strange thing that happened to me and still can not find an explanation, I am supposed to suspend the firewall and after installing and rebooting, the firewall I must manually, as I suspended it manually, I must apply "Make local device funtional", the thing is that while restarting the firewall I was in the context of the second firewall, I see that it already responds to ping, and change to the context of the main computer that had been updated, I go to the Operational section of the HA, to as usual, put it back as part of the HA "Make local device funtional" the computer had already returned to be part of the HA, without having to apply the Make local . ... And even the preemtive was not activated again... This made me very peculiar, please someone can tell me what happened here, because after updating and rebooting, the equipment automatically resumed its HA operation and I did not have to apply Make local device funtional, being that I had suspended it manually prior to the reboot ?.
I remain attentive, thank you very much for your support and your collaboration.
As far as I know "suspend" is reset after reboot (if only to 'assume the worst' and prepare accordingly), but I won't dispute the official documentation, that's a job for TAC ;)
"suspend" does not survive reboot If your rebooted firewall assumed the active role, something must have happened to trigger the fail-over, either preemptive, or an error on the secondary (look in the system logs)