topic Re: Dynamic updates download but not install on HA in General Topics https://live.paloaltonetworks.com/t5/general-topics/dynamic-updates-download-but-not-install-on-ha/m-p/41410#M30443 <HTML><HEAD></HEAD><BODY><P>The bad thing with the later approach is when failover occurs. The now active (previously passive) device will try to get its updates from the now offline box. Also if using this method dont forget to enable preemptive failover aswell (that is as soon as the original active box (now offline) returns it should take charge of the traffic flows).</P><P></P><P>Disclaimer: Unless PA already handles this case so you wont end up with a box (after a failover) that never updates its databases...</P></BODY></HTML> Tue, 02 Apr 2013 14:44:49 GMT mikand 2013-04-02T14:44:49Z Dynamic updates download but not install on HA https://live.paloaltonetworks.com/t5/general-topics/dynamic-updates-download-but-not-install-on-ha/m-p/41409#M30442 <HTML><HEAD></HEAD><BODY><P>We've got an HA pair of 5050s.&nbsp; They both have a job to download and install dynamic updates at 12:00 AM.</P><P></P><P>I've seen occasions where one of the boxes will download but not install the update.&nbsp; They are also set to push a version of the update to the HA peer.</P><P></P><P>I"m wondering if having them check at the same time and try to push to each other is not ideal.</P><P></P><P>I'm guessing I should consider stopping the HA sync of dynamic updates, or only have one box check for updates and make that one push the update over to the other.</P><P></P><P>Anyone doing similar things?</P></BODY></HTML> Tue, 02 Apr 2013 13:14:38 GMT https://live.paloaltonetworks.com/t5/general-topics/dynamic-updates-download-but-not-install-on-ha/m-p/41409#M30442 aglej 2013-04-02T13:14:38Z Re: Dynamic updates download but not install on HA https://live.paloaltonetworks.com/t5/general-topics/dynamic-updates-download-but-not-install-on-ha/m-p/41410#M30443 <HTML><HEAD></HEAD><BODY><P>The bad thing with the later approach is when failover occurs. The now active (previously passive) device will try to get its updates from the now offline box. Also if using this method dont forget to enable preemptive failover aswell (that is as soon as the original active box (now offline) returns it should take charge of the traffic flows).</P><P></P><P>Disclaimer: Unless PA already handles this case so you wont end up with a box (after a failover) that never updates its databases...</P></BODY></HTML> Tue, 02 Apr 2013 14:44:49 GMT https://live.paloaltonetworks.com/t5/general-topics/dynamic-updates-download-but-not-install-on-ha/m-p/41410#M30443 mikand 2013-04-02T14:44:49Z