I need help on how to replace one Faulty Paloalto 3250 firewall PAN OS version 8.1.6 which is in HA and policies are managed through Panorama.
your help is highly appreciated and thank you so much.
I would do the following:
- remove the faulty box
- configure the new device to make it reachable by panorama (only connect management interface)
- complete config of node (if there is anything done local)
- make sure you have link monitoring configured
- assign the template and device group to the new device (serial number)
- download updates
- push config from panorama
- interconnect all HA cables
- the new box is expected to stay passive/failed since not all interfaces are connected (see link monitoring)
- ensure the sync between the nodes is working
- connect the remaining cables (if you have adjusted service routes using something different than default, connect the cable to the interface(s) used for service route, but keep at least one disconnected which is listed in link monitoring)
- suspending the new device might have the same result, but this does not survive a reboot
This document should help answer your question.
If you have any further questions after following this document , please open a support ticket.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!