- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
04-11-2018 09:06 AM
Hi,
when I attempt to apply a commit I receive this warning:
The following component(s) are mismatched with the peer device:
Application Content
Threat Content
Why this? If I apply the commit what is the result? Do I have to worry?
I have 7.0.9 version.
04-11-2018 01:27 PM
1) Update your firewall you are severly out of date when it comes to maintenance releases and your current PAN-OS version has documented security issues.
2) This is likely linked to https://live.paloaltonetworks.com/t5/Customer-Advisories/Content-Update-Advisory-Important-Informati...
Is it an Issue?
Yes. If your content versions get outdated for an extended period of time one of your firewalls run the potential of behaving differently then the other.
04-11-2018 01:31 PM
There is nothing you really have to worry about. But you should make shure that both HA members have the same apps and threat versions installed because with diffefent versions the two members might not behave the same with some traffic.
And what you definately should do is upgrading at least to PAN-OS 7.1 as PAN-OS 7.0 is no longer supported since december 2017 (https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary)
04-16-2018 10:33 AM
Just connect to the peer with the lowest version installed, and go into Device tab --> Dynamic Updates. Click Check Now, then install the latest version. A dialog will pop up asking if you want to sync to the HA Peer, check that. Do this for each of the AV/Malware/other software that's not in sync.
After that, they should continue to remain in sync. It's a known issue with HA configurations and the new 4-digit software versions. We had to do this last week, and things have remained in sync since.
04-19-2018 06:03 AM
Hi,
where can i view the version installed in every device?
I have only one web access. How can I have access on a specific device?
04-19-2018 06:15 AM
Did you at least setup the management interface on each of the devices? If you only have a management profile assigned to an interface you would need to either fail over the traffic and get the information from the secondary firewall, or you would need to go in through the console cable.
You can either view the installed version on the GUI by going to the Device tab and navigating to 'Dynamic Updates' or loging to the CLI and run 'request content upgrade check' this will list the current version, along with any newer versions that may be available for download and install.
I would highly recommend that you look at configuring both the management interfaces so that you consistantly have access to both devices.
04-19-2018 07:25 AM
Hi,
I have now made a test with a new commit and the error is expired. So I think that the problem solved itself. Now the two devices are synchronized and the problem is gone.
Thanks to all.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!