If one of the HA status squares is red, check if one of the machines has crashed. If it has not crashed, try the following steps:

  • If HA is configured for multicast traffic (that is, if Use Broadcast IP address is disabled on the MOVEit WAF HA Parameters screen), then:

    • Confirm that the switch allows multicast traffic.

    • Confirm that settings that block multicast traffic, such as 'IGMP snooping', are disabled on the switch.

  • Ensure that promiscuous mode and portfast are enabled on the switch(es) connecting both units.
  • Also;
    • Ensure that MAC spoofing is allowed.
    • Move both units to the same host to confirm the issue is related to hardware devices/switches.
    • In VMware - ensure Notify Switches is set to No.
    • In VMware, there are security policies that can be applied to the virtual switches that can prevent MOVEit WAF from properly controlling the MAC addresses for HA. You can find out more about these policies by referring to the VMware documentation.
    • Hyper-V has a per-vNIC setting to Allow MAC Spoofing in the Virtual Machine NIC settings - this must be enabled. This can be enabled in the Hyper-V Manager Graphical User Interface (GUI) or using PowerShell. Refer to the Microsoft documentation for further information.
  • Reboot both of the units using a single IP.
  • Ping between the units.
  • Confirm the IP address settings.
  • Check the HA settings on both machines.
  • Select more than one interface for HA checks.
  • Change the HA Virtual ID to something other than 1 (preferably higher than 10).
  • Increase the value of the HA timeouts.