- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
Different version
- LIVEcommunity
- Collaboration
- Discussions
- General Topics
- Different version
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
03-04-2020 06:27 AM
I have version 8 on a PA 3220 and on the secondary device ( hot stand by ) we have version 9, there is some problem in that they work with different versions
Accepted Solutions
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
03-04-2020 08:00 AM
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
03-11-2020 11:35 AM
That mean if i need to upgrade the OS on HA we going to have outage in your Scenario.
So, If i need to upgrade the OS.
I have to trigger fail over to pass the traffic through Passive Device.
Then upgrade the Active one and trigger the failover to pass the traffic again to Primary Device.
I think, the Ha should work if we don't have BIG major GAPS between PAN-OS version.
I hope you correct me if i am wrong !
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
03-04-2020 08:00 AM
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
03-11-2020 07:20 AM
The HA peers should have the same version of PAN-OS and content version, in order to set them into a HA pair.
Refer to the documentation below on the HA overview for further details,
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/high-availability/ha-overview.html
Thanks.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
03-11-2020 10:06 AM
In order to work HA properly, Both the firewalls should be running the same PAN-OS version and must each be up-to-date on the application, URL, and threat databases.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
03-11-2020 11:35 AM
That mean if i need to upgrade the OS on HA we going to have outage in your Scenario.
So, If i need to upgrade the OS.
I have to trigger fail over to pass the traffic through Passive Device.
Then upgrade the Active one and trigger the failover to pass the traffic again to Primary Device.
I think, the Ha should work if we don't have BIG major GAPS between PAN-OS version.
I hope you correct me if i am wrong !
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
03-11-2020 11:58 AM
When we are upgrading the OS on a HA pair, for active/passive firewalls, must upgrade the passive peer first, suspend the active peer (fail over), update the active peer, and then return that peer to a functional state (fail back).
To prevent fail over during the upgrade of the HA peers, must make sure preemption is disabled before proceeding with the upgrade. We only need to disable preemption on one peer in the pair.
You can check the upgrade steps in the link below.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
03-12-2020 06:46 AM
Thank you very much we have taken the team to secondary to version 8 and it has worked perfectly then we will migrate to version 9
- "Failed to parse json object from response" Error message in output file from the API response in Automation/API Discussions
- Virustotal false positive on AltDrag 1.44 software in VirusTotal
- Correct way to upgrade Cortex XDR agent on Terminal Servers in General Topics
- pan-os-python SDK configure NGFW-VM HA issue in Automation/API Discussions
- Recommended Pan-OS version in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
