HA Sync with different Configuration

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

HA Sync with different Configuration

L2 Linker

I have two firewalls previously on HA (Active-Passive mode). We had to shutdown the passive device due to some troubleshooting. Then we had to roll-back the config of the active PA.

 

Here's the current setup. (HA links not yet cabled)

Active PA - lower config version (e.g. version 207)

Backup PA - higher config version (e.g. version 210)

 

If I connect the HA links, will the backup PA sync to the active PA config version 207? Or will the active PA sync to the backup PA with config version 210?

2 accepted solutions

Accepted Solutions

L7 Applicator

it's my understanding, and somebody please update if incorrect, that when you connect the HA link the devices will not sync.

you will have the option in the HA widget to sync to peer..... this can be done from either device....

View solution in original post

a config sync is only triggered when a commit is pushed or a manual sync is initiated, so no need to worry when you hook the passive back up to the HA

 

! make sure to keep it suspended until the 'state' sync has completed so it is aware there already is an active member and it doesn't try to become active by itself, easiest way to spot that is to see if it is populating HA information on the GUI dashboard

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

3 REPLIES 3

L7 Applicator

it's my understanding, and somebody please update if incorrect, that when you connect the HA link the devices will not sync.

you will have the option in the HA widget to sync to peer..... this can be done from either device....

a config sync is only triggered when a commit is pushed or a manual sync is initiated, so no need to worry when you hook the passive back up to the HA

 

! make sure to keep it suspended until the 'state' sync has completed so it is aware there already is an active member and it doesn't try to become active by itself, easiest way to spot that is to see if it is populating HA information on the GUI dashboard

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hi Mickball, you are correct. Thanks!

  • 2 accepted solutions
  • 2857 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!