We have a pair of 4050s in a HA configuration. I was wondering if there was anyone that has a best practice or advice on setting up the Dynamic update synch. We are looking for the best way to keep the environment up to date through dynamic update while in normal operation and when failed over to the secondary.
With the primary FW dynamic update is set to synch with peer, what is the best configuration schedule for the secondary FW?
If the Secondary is set up to update after the first and is also set to update dynamically and synch will it cause unnecessary downloads or pushes?
I am concerned with just having the primary as the only update source for the secondary. If the cluster was to fail over to the secondary, it would not update automatically without a configuration change.
Thanks for your help!
I have the exact same question and concern around what exactly happens if both are checked to replicate to the other. Also, while the updates happen, what is the impact to traffic, if any. Is it safe to run these updates during the day, with active connections?
Sync-to-peer is intended for use when the HA secondary has no path to the internet from the management interface. In this scenario the secondary will need to have the primary push the dynamic updates to it. (remember that your secondary may have no active interfaces on the dataplane in the passive mode).
If both units have the ability to access the PA update servers from their management interface we suggest that you stagger the download and install times and not use the sync-to-peer feature. This way you have the opportunity to failover to the passive unit if there is a problem on the primary during the update or as a result of a problem that arises after the update. When you stagger the download-and-install times we suggest that you leave at least 30 minutes between HA pair members to allow the update to download and install before the process begins on the peer.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!