Create two lists in the Palo Alto FW; Active, Passive, and the possibility of Active-Active

In order to detect a drop in the high availability of Palo Alto firewalls, it is necessary to detect when the HA value goes to zero.

The problem comes when we have active, passive and active-active in the same list. If you apply a generic rule that triggers an alert when the HA goes to zero, the passive ones are always in the alert. So it becomes necessary to have a complex rule that allows to verify a change in the HA, either to 1 or to zero depending on the firewall configuration.

If we had two or three lists, we could simplify with simple rules and have the active firewalls alert when HA goes to zero, and the passive firewalls alert when HA goes to one. The active-active ones are set to one, so you could set them to alert when they go to zero.