Different version

L2 Linker

I have version 8 on a PA 3220 and on the secondary device (hot standby) we have version 9. Is there some problem in that they work with different versions?

L2 Linker

You need to match PAN OS version.

L1 Bithead

@DGonzalezAR

The HA peers should have the same version of PAN-OS and content version, in order to set them into an HA pair.

Refer to the documentation below on the HA overview for further details:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/high-availability/ha-overview.html

Thanks.

L2 Linker

For HA to work properly, both firewalls should be running the same PAN-OS version and must each be up to date on the application, URL, and threat databases.

That means if I need to upgrade the OS on HA, we are going to have an outage in your scenario.

So, if I need to upgrade the OS:

I have to trigger a failover to pass the traffic through the passive device.

Then upgrade the active one and trigger the failover to pass the traffic again to the primary device.

I think HA should work if we don't have big major gaps between PAN-OS versions.

I hope you correct me if I am wrong!

@AhmedMoustafa

When we are upgrading the OS on an HA pair, for active/passive firewalls, we must upgrade the passive peer first, suspend the active peer (fail over), update the active peer, and then return that peer to a functional state (fail back).

To prevent failover during the upgrade of the HA peers, we must make sure preemption is disabled before proceeding with the upgrade. We only need to disable preemption on one peer in the pair.

You can check the upgrade steps in the link below.

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/upgrade-to-pan-os-90/upgrade-the-fi...
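The pre-upgrade checks and step order described in the replies above, written out as an added example (not part of the original thread and not Palo Alto Networks code). The `Peer` record, the peer names and the version strings are constructed for illustration and would be filled in by hand from each firewall; nothing here calls a PAN-OS API.

```python
from dataclasses import dataclass

@dataclass
class Peer:              # hypothetical record, filled in by hand per firewall
    name: str
    role: str            # "active" or "passive"
    panos: str           # PAN-OS version (constructed sample values below)
    content: str         # application/threat content version (constructed)
    preemption: bool     # True if preemption is enabled on this peer

def mismatches(a: Peer, b: Peer) -> list[str]:
    """Items the thread says must match before the peers form an HA pair."""
    found = []
    if a.panos != b.panos:
        found.append(f"PAN-OS: {a.name}={a.panos}, {b.name}={b.panos}")
    if a.content != b.content:
        found.append(f"content: {a.name}={a.content}, {b.name}={b.content}")
    return found

def upgrade_plan(a: Peer, b: Peer, target: str) -> list[str]:
    """Ordered steps for an active/passive pair, as given in the reply above."""
    if {a.role, b.role} != {"active", "passive"}:
        raise ValueError("expected one active and one passive peer")
    if mismatches(a, b):
        raise ValueError("bring the peers to matching versions first")
    # The reply says disabling preemption on one peer is enough.
    if a.preemption and b.preemption:
        raise ValueError("disable preemption on one peer before upgrading")
    active, passive = (a, b) if a.role == "active" else (b, a)
    return [
        f"upgrade {passive.name} (passive) to {target}",
        f"suspend {active.name} (fail over to {passive.name})",
        f"upgrade {active.name} to {target}",
        f"return {active.name} to a functional state (fail back)",
    ]

if __name__ == "__main__":
    # Constructed sample: the situation in the question, then after the fix.
    primary = Peer("fw-primary", "active", "8.1", "content-A", False)
    secondary = Peer("fw-secondary", "passive", "9.0", "content-A", True)
    print("mismatches:", mismatches(primary, secondary))
    secondary.panos = "8.1"      # secondary brought to the same version
    for step in upgrade_plan(primary, secondary, "9.0"):
        print("-", step)
```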

 

 

Thank you very much. We have taken the team to secondary to version 8 and it has worked perfectly; then we will migrate to version 9.
