Panorama failover and connection to Firewall

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Panorama failover and connection to Firewall

Cyber Elite
Cyber Elite

We have M100 in active and PAssive mode.

Did failover where active was suspended and passive M100 became active

 

Check the firewall it still shows connected to Suspended PAnorama and it is active one from FW point of view?

is this by design?

MP

Help the community: Like helpful comments and mark solutions.
1 accepted solution

Accepted Solutions

L7 Applicator

If possible the firewalls always maintain a connection to both panoramas (if you have configured both panorama servers in the firewall configuration). So in case of a failover panorama sends a notification to the firewalls to tell them about the new situation. Where does your firewall show that it is only connected to the suspended panorama?

View solution in original post

6 REPLIES 6

Cyber Elite
Cyber Elite

Need to confirm if Active PAnorama gets suspended the PA which is connected to it will still show that M100 as activ one?

 

Suspended status of M100 is between Panorama only and it has no impact on the connection of the PA to Panorama?

MP

Help the community: Like helpful comments and mark solutions.

Anybody can answer this please?

MP

Help the community: Like helpful comments and mark solutions.

Anybody can answer this please?

MP

Help the community: Like helpful comments and mark solutions.

L7 Applicator

If possible the firewalls always maintain a connection to both panoramas (if you have configured both panorama servers in the firewall configuration). So in case of a failover panorama sends a notification to the firewalls to tell them about the new situation. Where does your firewall show that it is only connected to the suspended panorama?

 

Normally I do show logging status from firewall to check the status.

But during this failover for Panaroma I did not run the show logging status on any  Firewall

 

But later I checked the system logs during that time frame  on both Panorama and Firewall it does not show that  connection to the Panorama changed from any of the firewall?

 

Is system logs right place to check or i should have run the sh logging status on the Firewall during the time of failover?

MP

Help the community: Like helpful comments and mark solutions.

Yesterday i did Panorama upgrade and saw that when you run command

show panorma status  

 

IT shows the Right status of PA with PAnorama.

 

you were spot on.

MP

Help the community: Like helpful comments and mark solutions.
  • 1 accepted solution
  • 2646 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!