Replace A Drive On A Pa-5200 Series Firewall; Replace A Log Drive On A Pa-5200 Series Firewall - PaloAlto Networks PA-5200 Seriesp Hardware Reference Manual

Service the PA-5200 Series Firewall

Replace a Drive on a PA-5200 Series Firewall

The PA-5200 Series firewalls have two solid-state drives (SSDs) used for system files and system
logs and two hard-disk drives (HDDs) used for network traffic log storage. Each drive pair is in a
RAID 1 array so that if a drive fails, you can replace the failed drive (using the same model drive)
without service interrupon. The system drives are labeled SYS 1 and SYS 2 and the log drives are
labeled LOG 1 and LOG 2.
When ordering a replacement drive from Palo Alto Networks or your reseller, you receive
two drives. This ensures that if the replacement drive is not the same model as the failed
drive, you can install two new matching drives. If the replacement drive model is the same
as the failed drive, you need only replace one failed drive and can store the second drive
as a spare. For firewalls in an HA pair, there is no requirement that the drive sizes match
between the paired systems.
The procedures to replace a system drive (SSD) and a log drive (HDD) are different.
•

Replace a Log Drive on a PA-5200 Series Firewall

• Replace a System Drive on a PA-5200 Series Firewall
Replace a Log Drive on a PA-5200 Series Firewall
The following procedure describes how to replace a failed log drive. There are two scenarios: one
where the replacement drive is the same model as the failed drive and one where the replacement
drive is not the same model.
In a high availability (HA) configuraon, if one log drive fails (or if both log drives fail) in the
acve firewall, the firewall enters the non-funconal HA state and fails over. If the firewall
is not in an HA configuraon and one log drive fails, the firewall connues to operate. If
both log drives fail in a non-HA configuraon, the firewall connues to operate but it does
not log network traffic and you cannot commit the configuraon unl there is at least one
funconing log drive.
Depending on the size of the drive, it may take several hours for the new disk to be
formaed and synced.
STEP 1 |
Idenfy the failed drive and determine the drive model by running the following operaonal
command to view the status and model fields:
admin@PA-5020>
The following output shows that the Log1 drive failed and that the model number of that drive
is ST2000NX0253. The system log also shows an error that indicates which drive failed (Log1
or Log2).
Disk Pair Log
Status
PA-5200 Series Next-Gen Firewall Hardware Reference
show system raid detail
37
Available
clean, degraded
2021 Palo Alto Networks, Inc.
©