How Does Panorama HA Work?

Created On 09/26/18 13:50 PM - Last Modified 01/07/20 16:51 PM


Resolution


Panorama HA is similar to regular HA, with some minor changes.

 

The active device in a Panorama HA configuration can make and push all configuration changes to managed devices. Although the passive device cannot make configuration changes, it can still push configuration changes to managed devices. The priority of the device dictates which Panorama device receives logs from managed devices. The priority of a Panorama is completely independent of the HA state of the device. If no priority is set for the Panoramas, both show their state as unknown-active and unknown-passive, but this kind of configuration is not recommended.

 

The primary device receives all logs and the secondary, by default, does not receive logs. This setting is suitable if the Panorama devices use shared NFS storage, where only one firewall logs to the disk at a time, preventing duplicate logs. You can change this setting so that both the primary and the secondary receive logs. Use the command:

 

> set deviceconfig setting management only-active-primary-logs-to-local-disk no
 

 

Execute the command on the active device, then perform config sync afterward. This setting is suitable and possible only if the Panorama devices use individual local disks for logging.

 

As in regular HA, an IP address can be monitored and can trigger a failover if the IPs are not reachable. However, the failover applies to the state of the device, not the priority. After the failover, the active device becomes passive and the passive device becomes active, but the priorities of the devices remain the same.

 

After a failover, the state of the devices looks like this: active-secondary and passive-primary. In this state, neither device receives logs, because the default setting is that only the active primary receives logs, and the active device is now in a secondary state.

 

Use the above command to send logs to both devices, or manually switch the priority so that the new active device becomes primary. This can be done from the Web GUI or from the CLI:

 

> set deviceconfig high-availability election-option priority primary/secondary
 

 

owner: sdurga


