PA-500 - Replacement is not acting the same as old one

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

PA-500 - Replacement is not acting the same as old one

Not applicable

Here is our scenario.....please keep in mind I'm not a network person

We have two PA-500s.  They used to be in HA but we had taken one out for a different purpose early last year so we were running in stand alone.

The PA-500 worked great but we started having random crashes.  So we rushed to put the secondary back in and put it into HA mode while we investigated the problem.  When the primary crashed, out secondary did take over but it did not exhibit the same characteristics as our primary.  The configuration was the same as the first but it blocked websites it was not supposed to, it was slow to move traffic and it let things in we were blocking on the primary (ads, chats, etc).  Not all policies/rules appeared to be applied the same as the primary.

When we switched it back to the primary (after it came back up) then our network worked fine.  Support could not answer why.

Fast forward 4 months and after working with support this entire time, it was finally agreed that the hard drive was dying in our primary so they sent us a new PA-500.

We transferred the configuration, made sure software was updated and everything.  Transferred licenses and installed the new primary firewall.  Guess what....same issue as our secondary.  It is also blocking traffic it shouldn't, letting ads in, and just not being consistent in its performance.  The traffic is slower to one person than another.  One person can get to a site and another can't get to the same site.  We are at our wits end and have been troubleshooting this for weeks now.  Does anyone have an idea what would be causing the problem?  Ideas on what to check?  If we put the old one back in, then everything works fine again so we KNOW it is not the layer one connections.

4 REPLIES 4

L6 Presenter

can we make this a little bit clear

you have pa500 as A,B,C at all.

At first A-B cluster had a problem with B.From disk issue You changed A with new C.

Now you have C-B cluster and you have problem with B

All problems are occuring after failover ???

yes we had A running and it works fine except for a hard disk error.

We added B in and set up HA but B does not work correctly when it becomes active.

We received a new PA-500 we'll call it C.  We copied the config from A and installed it to C.

We replaced A with C and now neither C or B work correctly.  It doesn't matter which one is active, they still act incorrectly.  We tested this by putting A back in place and A continues to work correctly minus the hard drive random failure.

What would be different between A's configuration/setup and B and C when we copied it from A?

very interesting issue.

Well when you export config A when it is alone and imported it to the device B(or C)

if B or C does not work when they are alone not HA, this is not normal.Maybe you can try to configure B or C ( after factory reset) manually.

  • 2092 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!