HA failover if Running Config is not synced

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

HA failover if Running Config is not synced

Cyber Elite
Cyber Elite

If on Active Passive PA  both shows running config not sync 

 

Say  failover happens for somereason  or we trigger the manual failover  bgy suspending the active PA will then

 

Passive PA becomes active and start passing the traffic even though running config is not syc between two?

MP

Help the community: Like helpful comments and mark solutions.
1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

@MP18,

The passive PA will still become active, and will still pass traffic, it simply will not be utilizing the same configuration file. This can cause issues for example if you've since added/removed additional security policies that are not present on the peer HA unit; a function that is expected to be working could possibly stop functioning simply because the configuration was not in sync with your peer unit. 

View solution in original post

5 REPLIES 5

Cyber Elite
Cyber Elite

@MP18,

The passive PA will still become active, and will still pass traffic, it simply will not be utilizing the same configuration file. This can cause issues for example if you've since added/removed additional security policies that are not present on the peer HA unit; a function that is expected to be working could possibly stop functioning simply because the configuration was not in sync with your peer unit. 

Best Regards

 

Mike

MP

Help the community: Like helpful comments and mark solutions.

L4 Transporter

@BPry 
I m having similar issue and I am interested to know how to safely make the configurations same on both the HA pairs?

Thanks

PrasKtmBoy

@Pras,

What error are you seeing recorded in the logs for a configuration sync failure? What happens if you attempt to sync the configuration from the active to the passive manually? You ultimately need to figure out why the configuration isn't syncing automatically. That could be something as simple as a user holding a configuration lock on the passive unit, or a larger issue. 

L4 Transporter

@BPry There are no specific/interesting log errors but when I compared the config files. I noticed the configs are not exact and some configs are within different folders within the .xml file . It's strange. I m wondering how can I safely copy the config from primary to secondary. I saw another KB saying need to edit manually: management address and HA IPs and peer IPs, and hostname. Are these the only parameters that need to be edited?
Thanks

PrasKtmBoy
  • 1 accepted solution
  • 4668 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!