This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Running config not synchronized problem

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Running config not synchronized problem

Go to solution
MPI-AE
L4 Transporter

‎02-25-2019 01:02 AM

Hey all!

there are two pa 3020 with 8.0.7 in HA active passive.

Three days ago, I switched the passive fw to active.

Yesterday I switched back. I stated that the running config isn't synchronized, but I switched nevertheless.

So I think I should "sync to peer" in the HA dashboard. But from which firewall to which firewall?

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
aleksandar.astardzhiev
Cyber Elite
Cyber Elite
In response to MPI-AE

‎02-25-2019 01:43 AM

Hi @MPI-AE ,

 

Configuration audit is performing diff on the full configuration. That is why you will see some yellow lines that hostname, management IP etc are different between members. 

 

If you check the documentation here you can see that none of these configurations will sync - What Settings Don’t Sync in Active/Passive HA?

 

So you may want to focus on the rest of the output from the config audit - on the configuration that is synchronized between member and will sync if you run "sync to peer"

View solution in original post

4 REPLIES 4

Go to solution
reaper
Cyber Elite
Cyber Elite

‎02-25-2019 01:17 AM

you will need to verify the configuration between the firewalls and decide which one is the one you need to keep:

 

config audit peer.png

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Go to solution
MPI-AE
L4 Transporter
In response to reaper

‎02-25-2019 01:32 AM

@reaperWhen I compare the two configs as your screenshot shows, it shows me a lot of local settings that differ, for example:

 

hostname, management ip address, peer-ip, ha ip addresses.

 

I mean, that's okay since that are two physical firewalls.

 

But what happens when I sync the config?

0 Likes Likes

Go to solution
aleksandar.astardzhiev
Cyber Elite
Cyber Elite
In response to MPI-AE

‎02-25-2019 01:43 AM

Hi @MPI-AE ,

 

Configuration audit is performing diff on the full configuration. That is why you will see some yellow lines that hostname, management IP etc are different between members. 

 

If you check the documentation here you can see that none of these configurations will sync - What Settings Don’t Sync in Active/Passive HA?

 

So you may want to focus on the rest of the output from the config audit - on the configuration that is synchronized between member and will sync if you run "sync to peer"

Go to solution
MPI-AE
L4 Transporter
In response to aleksandar.astardzhiev

‎02-25-2019 02:44 AM

Thank you, that makes it clear!

0 Likes Likes
  • 1 accepted solution
  • 18931 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks