03-04-2020 06:27 AM
I have version 8 on a PA 3220 and on the secondary device ( hot stand by ) we have version 9, there is some problem in that they work with different versions
03-11-2020 11:35 AM
That mean if i need to upgrade the OS on HA we going to have outage in your Scenario.
So, If i need to upgrade the OS.
I have to trigger fail over to pass the traffic through Passive Device.
Then upgrade the Active one and trigger the failover to pass the traffic again to Primary Device.
I think, the Ha should work if we don't have BIG major GAPS between PAN-OS version.
I hope you correct me if i am wrong !
03-04-2020 08:00 AM
You need to match PAN OS version.
03-11-2020 07:20 AM
The HA peers should have the same version of PAN-OS and content version, in order to set them into a HA pair.
Refer to the documentation below on the HA overview for further details,
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/high-availability/ha-overview.html
Thanks.
03-11-2020 10:06 AM
In order to work HA properly, Both the firewalls should be running the same PAN-OS version and must each be up-to-date on the application, URL, and threat databases.
03-11-2020 11:35 AM
That mean if i need to upgrade the OS on HA we going to have outage in your Scenario.
So, If i need to upgrade the OS.
I have to trigger fail over to pass the traffic through Passive Device.
Then upgrade the Active one and trigger the failover to pass the traffic again to Primary Device.
I think, the Ha should work if we don't have BIG major GAPS between PAN-OS version.
I hope you correct me if i am wrong !
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!