I actually have done that.
The active firewall, which has the correct ruleset, shows all good.
I do still have config-sync disabled, as I think enabling it could cause more problems.
Just looking for a way to fix the passive fw somehow.
Can you try whether, in the current state, it allows you to export the config from Panorama to the firewall and then load device-state from the CLI?
Unfortunately, I removed everything from Panorama.
But from your message, I got this idea:
Import both firewalls again, and try to export the active fw device group to the passive fw again. There's a delete on the firewall that happens at this stage, right? Maybe it will fix things.
You can try the following:
1. Import active fw to Panorama.
2. Commit to Panorama.
3. Export to passive device.
4. Load device config on passive.
5. Change any settings that are different on the passive (mgmt IP, hostname, HA settings, etc.).
6. Commit to firewall.
7. If successful so far, then commit to firewall from Panorama.