Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
02-01-2018 08:03 AM
Hello,
I have SNMP configured and working on the Active member of my HA cluster. i need to set SNMP up on the Passive member, i have made the changes and saved config but it is not working, do i need to commit the config? if so, would this cause any unforseen issues as i am doing a config commit on the Passive member where we normally only commit on the Active member?
Thanks
Ryan
02-01-2018 08:27 AM
In our HA pair we do not do SNMP from the production IP address (only on the active firewall). We use the management interfaces, each firewall management IP is unique. (All configured through Device -> Setup)
Brian
02-01-2018 01:59 PM
Thanks for response Brian.
We are also using the Management interface for SNMP, just wanted to know if i need to commit config on Passive unit to enable the SNMP and want impact if any it will have when doing a commit on the passive as I have only ever done a commit on Active....?
02-01-2018 02:04 PM
We have had cases in which we needed to sync the devices after doing a commit force on the passive device. Nothing broke or exploded but if you worried about it you could always suspend the active so it rolls over and then commit?
We are doing SNMP monitoring on both firewalls and they are running active/passive
02-01-2018 02:51 PM - edited 02-01-2018 02:53 PM
Ryan,
Sorry I may have misunderstood your original question.
Most things should be pushed from active to passive. You will need to check if this portion of your config is being pushed.
You should be able to configure your active firewall SNMP on management and if you are synchronizing this component of the management it should push over to the passive firewall. If not duplicate the active firewall SNMP to the passive and in you SNMP server everything should be the same but the IP and the descriptor you are using.
Brian
02-01-2018 03:02 PM
ok, both are in sync but the passive had no SNMP config on it (which was present on active), looks like as you state this element may not be included in the sync settings. I will have look.
Thanks for your help.
Ryan
02-01-2018 03:59 PM
Ryan,
We had pushed these components from Panorama so I am not sure exactly what is supposed to synchronized in Devices -> Setup in an H/A pair. I do know that the entire Setup portion is separate from the production config as it is the management plane.
Brian
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
