An organization has configured an active/passive high availability pair of Palo Alto Networks firewalls. During a maintenance window, the active firewall was rebooted. After the reboot, the passive firewall became active, but the session table on the original active firewall is incomplete. The administrator notices that session synchronization is not working properly. Which two configuration checks should the technician perform to resolve this issue?
The HA2 link is dedicated to session synchronization; if it is down or congested, sync fails.
Why this answer
Session synchronization uses the HA2 link, so verifying its operation (A) is critical. Additionally, session sync must be enabled in the HA configuration and the firewalls should run the same software version (C) to ensure compatibility. Option B (HA1) is for heartbeat, not synchronization.
Option D is incorrect because disabling encryption does not improve sync reliability. Option E (heartbeat hold timer) affects failover timing, not synchronization.