there are two pa 3020 with 8.0.7 in HA active passive.
Three days ago, I switched the passive fw to active.
Yesterday I switched back. I stated that the running config isn't synchronized, but I switched nevertheless.
So I think I should "sync to peer" in the HA dashboard. But from which firewall to which firewall?
Solved! Go to Solution.
you will need to verify the configuration between the firewalls and decide which one is the one you need to keep:
@reaperWhen I compare the two configs as your screenshot shows, it shows me a lot of local settings that differ, for example:
hostname, management ip address, peer-ip, ha ip addresses.
I mean, that's okay since that are two physical firewalls.
But what happens when I sync the config?
Hi @MPI-AE ,
Configuration audit is performing diff on the full configuration. That is why you will see some yellow lines that hostname, management IP etc are different between members.
If you check the documentation here you can see that none of these configurations will sync - What Settings Don’t Sync in Active/Passive HA?
So you may want to focus on the rest of the output from the config audit - on the configuration that is synchronized between member and will sync if you run "sync to peer"
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!