07-19-2017 08:27 PM
Folks.
I have a pair of 3050's in a HA cluster, and recently I'ver been noticing some weird messages ont he system log on the primary.
I happened to log into the secondary the other day, and say a heap more.
has anyone seen messages like the following
Failed to upload the new HA URL file to RAM.
Failed to upload the old URL file to RAM,Starting with an empty file.
Received callback from peer for completion of handle url_sync; file /opt/pancfg/opt/pan/content/pan/panurldb.bin.ha.
The corresponding error on the active reads
Failed to sync PAN-DB to Peer: Peer user failure
Are these something I should worry about? I shoulod note that this pair is running qutie an old software version - getting a time to upgrade is not easy - they're currently on 6.0.15
Thanks for any pointers.
07-25-2017 04:49 PM
Hi @darren_g,
This looks buggy, specifically PAN-64639.
It's fixed in 7.1.10 (recommended at present), 8.0.3. Not sure if it's fixed in 6.0.x something. If I were you, I'd go for upgrade to the latest recommended release tbh.
Yes, the upgrade process is fairly easy and can actually be done without any downtime. However, be very careful of the behavior changes. It's a big leap from 6.0 to 7.1. Check through all the tech-docs about behavior changes, what's new, new features, upgrade/downgrade considerations, etc.
Regards,
Anurag
07-19-2017 09:21 PM
From a quick glance it looks like your URL database isn't syncing between the units. You could try flushing them from both units and attempting to get them to pull them again.
I wouldn't say it's a major issue because your firewall will still function; but it's something that I would want to work on fixing as soon as possible.
P.S.
I would really look at updating this thing to a support release. Assuming that these are not Acitve/Active firewalls it should be fairly easy to upgrade with minimal/no downtime depending on your configuration.
07-25-2017 04:49 PM
Hi @darren_g,
This looks buggy, specifically PAN-64639.
It's fixed in 7.1.10 (recommended at present), 8.0.3. Not sure if it's fixed in 6.0.x something. If I were you, I'd go for upgrade to the latest recommended release tbh.
Yes, the upgrade process is fairly easy and can actually be done without any downtime. However, be very careful of the behavior changes. It's a big leap from 6.0 to 7.1. Check through all the tech-docs about behavior changes, what's new, new features, upgrade/downgrade considerations, etc.
Regards,
Anurag
07-25-2017 04:56 PM
Thanks - I'll continue to ignore it for now. It doesn't appear to be breaking anything anwyay.
Yes, the upgrade process is fairly easy and can actually be done without any downtime. However, be very careful of the behavior changes. It's a big leap from 6.0 to 7.1. Check through all the tech-docs about behavior changes, what's new, new features, upgrade/downgrade considerations, etc.
That's the main reason I haven't upgraded yet - I have other PAN devices running later versions, but this is my main production cluster, and has many, many more policies and features enabled - and I don't have time to validate the upgrade and check if anything will break.
I might bump it to 6.1 in the near future and let that run a while before going to 7.
Thanks again.
07-25-2017 11:34 PM
I would strongly advise you to get the devices upgraded as you are on EOL release:
https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary
07-26-2017 10:01 PM
@TranceforLife wrote:I would strongly advise you to get the devices upgraded as you are on EOL release:
https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary
I did an upgrade to 6.1 today.
And my fears were correct - it broke things.
Luckily, they were easy to fix things, but now I know why I was holding off on upgrading.
Oh well. I'll wait a while until I go to V7, methinks.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
