We've got an HA pair of 5050s. They both have a job to download and install dynamic updates at 12:00 AM.
I've seen occasions where one of the boxes will download but not install the update. They are also set to push a version of the update to the HA peer.
I'm wondering if having them check at the same time and try to push to each other is not ideal.
I'm guessing I should consider stopping the HA sync of dynamic updates, or only have one box check for updates and make that one push the update over to the other.
Anyone doing similar things?
The bad thing with the latter approach is when failover occurs. The now active (previously passive) device will try to get its updates from the now offline box. Also, if using this method, don't forget to enable preemptive failover as well (that is, as soon as the original active box (now offline) returns, it should take charge of the traffic flows).
Disclaimer: Unless PA already handles this case so you won't end up with a box (after a failover) that never updates its databases...