Commit with warning

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Commit with warning

L3 Networker

Hi,

when I attempt to apply a commit I receive this warning:

The following component(s) are mismatched with the peer device:
Application Content
Threat Content

 

Why this? If I apply the commit what is the result? Do I have to worry?

I have 7.0.9 version.

 

6 REPLIES 6

Cyber Elite
Cyber Elite

1) Update your firewall you are severly out of date when it comes to maintenance releases and your current PAN-OS version has documented security issues. 

2) This is likely linked to https://live.paloaltonetworks.com/t5/Customer-Advisories/Content-Update-Advisory-Important-Informati...

 

Is it an Issue? 

Yes. If your content versions get outdated for an extended period of time one of your firewalls run the potential of behaving differently then the other. 

L7 Applicator

There is nothing you really have to worry about. But you should make shure that both HA members have the same apps and threat versions installed because with diffefent versions the two members might not behave the same with some traffic.

And what you definately should do is upgrading at least to PAN-OS 7.1 as PAN-OS 7.0 is no longer supported since december 2017 (https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary)

L4 Transporter

Just connect to the peer with the lowest version installed, and go into Device tab --> Dynamic Updates.  Click Check Now, then install the latest version.  A dialog will pop up asking if you want to sync to the HA Peer, check that.  Do this for each of the AV/Malware/other software that's not in sync.

 

After that, they should continue to remain in sync.  It's a known issue with HA configurations and the new 4-digit software versions.  We had to do this last week, and things have remained in sync since.

Hi,

where can i view the version installed in every device?

I have only one web access. How can I have access on a specific device?

@s_quasar,

Did you at least setup the management interface on each of the devices? If you only have a management profile assigned to an interface you would need to either fail over the traffic and get the information from the secondary firewall, or you would need to go in through the console cable. 

You can either view the installed version on the GUI by going to the Device tab and navigating to 'Dynamic Updates' or loging to the CLI and run 'request content upgrade check' this will list the current version, along with any newer versions that may be available for download and install. 

 

I would highly recommend that you look at configuring both the management interfaces so that you consistantly have access to both devices. 

Hi,

I have now made a test with a new commit and the error is expired. So I think that the problem solved itself. Now the two devices are synchronized and the problem is gone.

Thanks to all.

  • 2683 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!