Limits on commits

Reply
L1 Bithead

Limits on commits

Hi Guys,

 

We are running scripts to push configurations into the firewalls. Everything is done via CLI and with set statements (I know that it is odd, but that's the way it is). Does anyone know are there any limits on the configuration size because sometimes we have config synchronization problems with the secondary box? 

 

Cheers

L7 Applicator

Re: Limits on commits

What is the sync error message?

A variety of problems can cause sync failure and it may not be related to the method used to make the changes at all.

 

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
L1 Bithead

Re: Limits on commits

Hi Steve,

 

Thanks for answering. Basically, time to time ends with the following:

 

Configuration Synchronization:
Enabled: yes
Running Configuration: not synchronized
Out-of-sync Reason: Failure to complete config sync

 

And then you have to do all kinds of tricks to come back to the normal operations.

Especially true if you push something big in. What are the problems you are referring to that can affect this sync, besides the obvious that will directly affect in-cluster communication? Is this process flaky? Something to worry about? 

 

@Guys,

 

Anyone else was facing these issues?

 

Regards

L7 Applicator

Re: Limits on commits

There was a software bug in 8.0 to 8.0.5 that caused intermitent config sync issues due to memory issues.

 

Problems with large packets on the control links between the devices can cause config sync to intermitently fail.

 

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
L1 Bithead

Re: Limits on commits

Steve,

 

Hmm.... Do you know the bug ID by any chance?

 

Regards

 

L7 Applicator

Re: Limits on commits

the bug id was 81100 for that one.  I show the fix was to upgrade to 8.0.6

 

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
L1 Bithead

Re: Limits on commits

Steve,

 

Thanks a ton! I will chase TAC for it now - I have concerns about its resolution as we are running 8.0.7 and sometimes commit sync fails for no apparent reason.

 

Regards

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!