Fail to migrate Palo HA FW to Panorama Mgmt

cancel
Showing results for 
Search instead for 
Did you mean: 

Fail to migrate Palo HA FW to Panorama Mgmt

L1 Bithead

Hello,

I tried to migrate Palo HA FW to Panorama mgmt as per below guideline link, but fail in step 5.5.

this is the step what I did;

- Clear "Enable Config Sync" on both FW (OK)
- Connect both FW to Panorama (OK)
- Add both FW to Panorama (OK)
- Import config of both FW into Panorama (OK, but show alert icon(indicate "HA: not in operation") device summary)
- Push and commit back to both FW (FAIL , push is OK but commit not successful on local FW)
any suggestion please and let me know if you need more information? thank you.
 
Panorama Ver : 10.1.0
Palo FW Ver : 9.1.5
Model : PA220
 
Guideline link
 

 

1 ACCEPTED SOLUTION

Accepted Solutions

L1 Bithead

Hello...

finallyy, it worked well by downgrading Panorama 10.1.0 to 10.0.7.

thank you.

View solution in original post

7 REPLIES 7

L4 Transporter

Thank you for your post @zinkt101 

 

Would it be possible to provide details of commit fail message? Typically there is description what prevented commit to succeed.

 

Thank you

Pavel

Pavel Kucera

 

thank you for your response @PavelK 

this is the fail error message on local FW

!

Operation

Commit

Status

Completed

Result

Failed

Details

Validation Error:

deviceconfig -> system -> update-schedule -> wildfire -> recurring -> every-15-mins -> sync-to-peer unexpected here

deviceconfig -> system -> update-schedule -> wildfire -> recurring -> every-15-mins is invalid

Commit failed

Warnings

!

After this error message, I tried by turning off sync-to-peer on all dynamic updates on both passive/active FW, then re-start migrating to Panorama again.

still show the above error message again.

thank you.

L4 Transporter

Thank you for reply @zinkt101

 

Before you start migration, could you set the download schedule of Wildfire to: "None" on both Firewalls, then start with migration over? If it succeed, then after migration you can change Wildfire scheduler from Panorama via Template.

 

Kind Regards

Pavel

Pavel Kucera

hello..

after I tried with schedule of Wildfire to: "None" on both Firewall, still fail with this new error message.

 

Operation
Commit
Status
Completed
Result
Failed
Details
Validation Error:
import -> network -> logical-router unexpected here
import -> network is invalid
Commit failed
Warnings

L1 Bithead

Hello...

finallyy, it worked well by downgrading Panorama 10.1.0 to 10.0.7.

thank you.

View solution in original post

L4 Transporter

Thank you for sharing @zinkt101

 

After your last post, I was running out of ideas. It is good that you could eventually solve it by downgrading.

Pavel Kucera

yeah. thank you @PavelK 

I have another PA HA pair which is running version 8.1.xx to migrate, not sure it will be OK with this panorama version 10.0.7.

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!