Nominated Discussion: HA Failover When Config is Not Synced

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.
Community Team Member
No ratings

This article is based on a discussion, HA failover if Running Config is not synced, posted by Cyber Elite expert @MP18 and answered by fellow Cyber Elite @BPry. Read on to see the discussion and solution!


If on Active/Passive HA-setup both PA's show that the running config is not synced.


Let's say a failover happens for some reason or we trigger the failover manually by suspending the active PA. Will the passive PA become active and start passing the traffic even though the running config is not synced between the two ?


The passive PA will become active, and will pass traffic. It simply will not be using the same configuration file. This can cause issues; for example, if you've since added/removed additional security policies that are not present on the peer HA unit, a function that is expected to be working could possibly stop functioning simply because the configuration was not synced with your peer unit. 


Note: It's key to understand why the synced failed in order to fix this. What error are you seeing in the logs for a configuration sync failure? What happens if you attempt to sync the configuration from the active to the passive manually?  It could be as simple as a user holding a configuration lock on the passive unit, or a larger issue. 

Rate this article:
Register or Sign-in
Article Dashboard
Version history
Last Updated:
‎07-26-2022 07:39 AM
Updated by: