Upgraded Device in HA Group Reports Status: suspended (Peer version too old)

Upgraded Device in HA Group Reports Status: suspended (Peer version too old)

Created On 09/25/18 18:47 PM - Last Modified 11/05/21 07:25 AM

After upgrading one device in the HA group, the device is unable to become active and the dashboard reports the status as: suspended (Peer version too old).
User-added image

PA firewalls are in Active/Passive HA.
Upgrade of one of the Peers in HA is being performed. 

The device has been upgraded at least Two Feature Releases away from the peer device in the HA group.


When upgrading an HA group, each version upgrade has to be performed on both the devices in the HA group before upgrading to the next version.

For Simplicity we will consider Firewall-A is in version 10.1.2 and Firewall-B is in 9.1.7.
If Firewall-A is in suspended state with dashboard showing Peer version too old
1. Either upgrade Firewall-B to a 10.0.x version which will cause a downtime because Firewall-A is in Suspended state.
2. Or, downgrade Firewall-A to a 10.0.x version, then upgrade Firewall-B to same 10.0.x version and then continue to upgrade both to 10.1.2 version. 

Note :
Using option 2 downtime can be minimised because once Firewall-A is downgraded to 10.0.x version, the firewall will join the HA and traffic failover can be done. 

owner: nchong

  • Print
  • Copy Link


Choose Language