UUID and HA - dashboard running config not sync'd with peer


L1 Bithead

We have updated a PA-220 HA pair to 9.0.7 and as expected see Policy Rule UUIDs.

 

We also manage a separate population of FWs by Panorama 9.07.

 

From the release notes for HA deployments:

 

  1. policy rules sent by Panorama will apply to both HA member firewalls so they have the same UUID
  2. policy rules not applied by Panorama will have different UUIDs on each HA member firewall.

After upgrade this directly managed firewall dashboard states config not sync'd.

Config audit with peer highlights the different UUIDs. ( along with other HA specific settings )

 

Given 2 above I would have expected that UUIDs would be excluded from the dashboard status for HA config sync …

Anyone else experience this on update 8.1 > 9.0 ?

 

Explanations, remedial actions ?

KR,

Lee

 

 


Accepted Solutions

L1 Bithead

After investigating other HA peer discrepancies ( dynamic content schedule and licenses ) syncing to peer for active fw resolved the issue. It does seem that the upgrade process had triggered the config not in sync condition, but it does not appear to be specific to PAN-OS 9.0 and the different UUIDs.

 

** Note to PAN TAC documentation team :

please add to

"what settings don't sync in HA":

Policy - UUIDs.

 

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/high-availability/reference-ha-synchroniza...

 

Lee

 
