push the commit on one member of the cluster only?


L1 Bithead

Hello,

To test the link monitoring of the high-availability, I want to shut one interface on the active member.
I set the interface to down, but I cannot find how to do the commit on the active member only.
Is there a solution to push the commit on one member of the cluster only?

Thanks for your help.

Accepted Solutions

Cyber Elite

@pmartyn,

Within your High Availability settings under Setup there is an option to toggle Config Sync. Turn this off and your configuration will not sync between your passive/active members.

@BPry,

With this option disabled, I'm able to shut interfaces on one member only:
admin@panel1(active)> show interface all
ethernet1/1             16    ukn/ukn/down(power-down)  00:1b:17:00:23:10
ethernet1/2             17    ukn/ukn/down(power-down)  00:1b:17:00:23:11

admin@panel2(passive)> show interface all
ethernet1/1             16    1000/full/up              00:1b:17:00:23:10
ethernet1/2             17    1000/full/up              00:1b:17:00:23:11

 

Exactly what I was looking for, thanks for your help.

But HA does not react to the following "link monitoring" configuration.

high-availability {
...
 group {
  35 {
   ...
   monitoring {
    link-monitoring {
     link-group {
      "LACP Group1" {
       interface [ ethernet1/1 ethernet1/2];
       failure-condition all;
      }
     }
    }
   }
  }
 }
}

Path and link monitoring configuration is per firewall and is not synchronized to the other firewall.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

@Raido_Rattameister,

This management article https://live.paloaltonetworks.com/t5/Management-Articles/Logical-Shutdown-of-an-Interface-Does-Not-C... explains why a logical shutdown of an interface does not cause HA failover.

 

Yes that is the case.

But to answer your initial question: if you change the link monitoring config on one firewall and commit, then this is not replicated over, as link and path monitoring configuration is private to the firewall.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011