This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

Activate vsys in FW HA and impact from Panorama

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Activate vsys in FW HA and impact from Panorama

BigPalo
L4 Transporter

‎02-03-2026 03:31 AM - edited ‎02-03-2026 03:38 AM

Hi,

 

I have a cluster A/P 5220 model managed from panorama. I would like to activate multivsys capacity and started to configure little by little in a Cluster currently in service. All config is done from panorama.

 

What would it be the steps and is there any impact (reboot) or whatever. To use maintenance window to do it? if the FW are in HA any particular method?

0 Likes Likes
2 REPLIES 2

BPry
Cyber Elite

‎02-03-2026 06:26 AM

@BigPalo,

You will want to have a maintenance window since the mismatch state will cause the device to be suspended from an HA aspect, and you'll need to restart the device for the change to take effect. I always prefer to have someone on-site for this sort of maintenance just to ensure that you don't end up with both units thinking they need to be suspended, but you can absolutely do it remotely if needed. 

Everything you already have configured is already technically in the default VSYS ("vsys1") so nothing really happens from a configuration standpoint with what you already have configured. Since you're using Panorama you'll just want to ensure that multivsys is enabled on the template and then you'll be able to assign vsys to the device group. 

BigPalo
L4 Transporter
In response to BPry

‎02-03-2026 07:30 AM

Thanks Bpry as usual.

 

I was checking several links and im not sure if i would have to reboot the device: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kFPYCA2&lang=en_US

 

1) Activate the MULTIVSYS in the template and push only in the passive node.

2) The passive node will enter to "non-functional" state. Do i need to reboot it? If i reboot the device will be in the same "non functional status" since in the active wasnt enabled VSYS yet. how can manage/failover this to not cause impact?

im not sure with the steps.... can you help

0 Likes Likes
  • 265 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks