I have found some issues in running HA Actvice/Active as it relates to config sync. It appears when a red dot on the firewall and an Admin connects their default reaction is sync config. So I noticed that something that replicated to the active-secondary was BGP peer groups which caused my BGP peering to become broken on my secondary PA. So I decided that I may want to run these in Active/Active but "standalone" and use Panorama to manage the configuration on each device and make sure they are "in sync". I am not running these at the edge and my network is symetrical so active/active is a suitable design for my network. There are just some issues like I have mentioned that could cause issues. Anyone have similar issues? or thoughts?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!