My dashboard shows a "App Version Mismatch" in a HA setup. The active is supposed to download the app version and sync it to the passive.
To confound the issue as per the following the "active" firewall is running the older version causing the mismatch:
admin@(active)> show high-availability all | match Application
Application Content: 327-1497
Application Content Compatibility: Mismatch
Application Content: 328-1503
However the following shows active is running the latest version:
admin@(active)> show system info | match app-version
So HA is saying the active firewall is running a older app version than it actually is. Any hints on how to go about correcting this situation?
Can you say the output of just the "show system info" of both the active device and passive device ?.
And regarding the question of what is the impact of the app version mismatch ? - its not going to stop the session sync. Its just the differences in the app versions will not sync means if the newer version has new apps or modified apps the older version will not have that and will behave in a different manner.
Is this really true?
I mean if you use userid and a new user tries to setup a session then this user will not be allowed until mgmtplane is back on track and can answer the dataplane which user is using the specific ip (which the dataplane then will case for the TTL one have set)?
Also if using SSL-termination then SSL-based traffic will be blocked (new sessions) because the MITM cert is being created by the mgmtplane on some models (at least on the PA2000-series)?
And finally you will lose log-entries during the time mgmtplane is offline?
So already established traffic shouldnt be affected, but new sessions might be affected (depending on if you use userid and/or ssl-termination).
Restarting the management plane did not work for.!!
For the peer that is behind and is erroring when attempting a manual install:
A bit drastic but I read somewhere on the KB that backing up your configuration, reinstalling the PAN OS then installing the AV or App threat update will fix it.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!