I got an issue to update a cert on PA pair.
The issue is very similar to what it describes under
I import the new cert to both PA FW units and change config to use the new cert. However it comes with config out-of-sync issue and somehow the new cert on passive unit is removed after committing config.
any fix for the issue?
This is what I would do (thinking out of the box)
If HA firewalls....
Export the configurtion from the active FW.
Import the configuration in the passive FW
Now, both FWs have 100% the exact config.
On the passive FW, change the config to modify/update the config to use the original mgmt IP
On the passive FW, because it has the exact HA configuration as the active FW, modify it so that is has the orignal HA settings that the standby FW would have.
Commit on the standby
Now, you have the cert on both FWs
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!