Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
How to Configure Panorama/Log Collector Combination in HA - Knowledge Base - Palo Alto Networks

How to Configure Panorama/Log Collector Combination in HA

58208
Created On 09/25/18 17:30 PM - Last Modified 01/30/25 19:57 PM


Environment


  • Panorama
  • PAN-OS 9.1 and above
  • High-Availability 

Procedure


For Updated Steps and more information please see Set Up HA on Panorama

 

Steps

On the primary Panorama (active):

  1. On the primary Panorama (active), use the following CLI command to set the Panorama-server, which should be the IP address of the secondary panorama: admin1# set deviceconfig system panorama-server <ip address of secondary panorama>
  2. Commit the change.
  3. On the secondary panorama, use the following CLI command to set the Panorama-server, which should be the IP address of the primary panorama: admin1# set deviceconfig system panorama-server<ip address of primary panorama>.
  4. Commit the change.

 

On the GUI of primary Panorama:

  1. Add the two log collectors and add the disks to each log collector.
  2. Select the log collector which is in the secondary Panorama.
  3. In the general tab, put the primary Panorama IP address into the Panorama Server IP field and the secondary Panorama IP address into the Panorama Server IP 2 field.
  4. In the management tab, put the secondary Panorama IP address/Netmask/Default address into the corresponding fields.
  5. Create collector group(s), and add the log-collectors to the group(s).
  6. Commit the changes to the Panorama and wait until the HA-sync is done.
  7. Push the config to the collect-group(s).
  8. In the High Availability setting, disable the primary Panorama so the secondary Panorama will become active.

 

On the GUI of the secondary Panorama:

  1. Select the log collector in the primary Panorama.
  2. In the general tab, put the secondary Panorama IP address into the Panorama Server IP field and the primary Panorama IP address into the Panorama Server IP 2 field.
  3. In the management tab, put the primary Panorama IP address/Netmask/Default address into the corresponding field.
  4. Commit the changes to the Panorama and wait until the HA-sync is done.
  5. Push the configuration to the collect-group(s).
  6. Restore the Panorama HA back to the desired state.
Other users also viewed:
How to download GlobalProtect from the Customer Support Portal
Download and Install the GlobalProtect App for Windows
Resource List: GlobalProtect Configuring and Troubleshooting
PAN-OS Software Updates
Where to find the current preferred software versions? (PAN-OS, GlobalProtect, User-ID Agent, Plugins)
Results 1-5 of 239,294
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFuCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language