11-15-2018 03:15 PM
If on Active Passive PA both shows running config not sync
Say failover happens for somereason or we trigger the manual failover bgy suspending the active PA will then
Passive PA becomes active and start passing the traffic even though running config is not syc between two?
11-16-2018 02:16 PM
The passive PA will still become active, and will still pass traffic, it simply will not be utilizing the same configuration file. This can cause issues for example if you've since added/removed additional security policies that are not present on the peer HA unit; a function that is expected to be working could possibly stop functioning simply because the configuration was not in sync with your peer unit.
11-16-2018 02:16 PM
The passive PA will still become active, and will still pass traffic, it simply will not be utilizing the same configuration file. This can cause issues for example if you've since added/removed additional security policies that are not present on the peer HA unit; a function that is expected to be working could possibly stop functioning simply because the configuration was not in sync with your peer unit.
11-16-2018 05:44 PM
Best Regards
Mike
07-10-2022 05:25 PM
@BPry
I m having similar issue and I am interested to know how to safely make the configurations same on both the HA pairs?
Thanks
07-12-2022 01:12 PM
What error are you seeing recorded in the logs for a configuration sync failure? What happens if you attempt to sync the configuration from the active to the passive manually? You ultimately need to figure out why the configuration isn't syncing automatically. That could be something as simple as a user holding a configuration lock on the passive unit, or a larger issue.
07-14-2022 09:13 PM
@BPry There are no specific/interesting log errors but when I compared the config files. I noticed the configs are not exact and some configs are within different folders within the .xml file . It's strange. I m wondering how can I safely copy the config from primary to secondary. I saw another KB saying need to edit manually: management address and HA IPs and peer IPs, and hostname. Are these the only parameters that need to be edited?
Thanks
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
