Cannot sync two machines in HA mode

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cannot sync two machines in HA mode

L0 Member

Hi,
Heres my case: Machine A and B was working in HA mode.Meanwhile their antivirus and threat licenses expired and we didnt renewed them. Both machines has valid and up-to-date URL filtering license.

Machine B went dead after some power problems and no longer worked anymore.

We replaced it with machine C. Registered Machine C on paloalto and installed the URL filtering license on it

Now we want to join again machine C to machine A, in HA mode.

The HA sync starts normally but is always aborted because the versions of the Threat and Antivirus on machine A is not the same on C!

the versions on the C machine are 0 (zero) (thats correct as I said we no longer renewed them and the updating of the software didnt installed them) while A machine has the expired licenses

I cannot remove or update the expired threat and Virus versions from A, and I cannot install any Threat and Virus license on C machine so I am stucked and caanot do any HA sync!

Please any clue on how do I can solve this situation?

Regards,

Luis

1 accepted solution

Accepted Solutions

Again, contact your Sales Engineer (and dont forget to reply to this thread once you have regarding which answers your SE gave you).

According to the admin guide the recommended way regarding HA (specially when you run into problems) is to do factory reset on both boxes and configure them from scratch (again dont forget to take backup of running-config before you reset them).

The tricky part in your case is that no matter which method you use you will end up with downtime.

If downtime is no problem I would try the trial license method to get both boxes to the same PANOS aswell as same URL db and Threat db and then try to connect them using HA again. The question then is what will happen when the trial license expires (unless you load the boxes with proper licenses, mainly thinking of the threat db stuff which you dont seem to want to buy any longer?)...

View solution in original post

4 REPLIES 4

L6 Presenter

Sounds like you should contact your Sales Engineer.

The quickfix would of course be to get a threat license for both boxes (or a regular + HA license if that exists).

Otherwise I would try to factory reset both boxes and then import the backup of the running-config (dont forget to change its name otherwise you end up with two "running-config" :smileysilly:) - downside with this method is that you would lose the current threat db in machine A.

Does anyone know if one can import a threat db without license?

If so then perhaps your Sales Engineer could provide you with a copy of the db used in machine A.

Hi Mikand, thanks for replying.

regarding asking for licenses:

Can I generate and use a Trial license for both machines? will this trial license OVERLAY the old expired license on the A machine? If positive, you think the trial license will not generate problems in a HA sync?

Regards, Luis

Again, contact your Sales Engineer (and dont forget to reply to this thread once you have regarding which answers your SE gave you).

According to the admin guide the recommended way regarding HA (specially when you run into problems) is to do factory reset on both boxes and configure them from scratch (again dont forget to take backup of running-config before you reset them).

The tricky part in your case is that no matter which method you use you will end up with downtime.

If downtime is no problem I would try the trial license method to get both boxes to the same PANOS aswell as same URL db and Threat db and then try to connect them using HA again. The question then is what will happen when the trial license expires (unless you load the boxes with proper licenses, mainly thinking of the threat db stuff which you dont seem to want to buy any longer?)...

Hi Mikland, thankyou for all the tips, Ive used the factory reset method and it worked out ok, everything is in HA now

Regards,

Luis

  • 1 accepted solution
  • 3039 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!