Having doubts about what exactly is synched with HA or how HA behaves when you push configurations from Panorama? This is something we'll highlight in this week's discussion of the week. Community member niuk had a question about this and posted it on our discussions board :
Disscussion topic
Member niuk committed a change from Panorama to the active firewall and noticed a 'Not syncronized' message. Several other community members provided tips and debugging steps to assist. While the provided tips and tricks are surely useful in debugging HA issues the solution was actually very simple.
What was key in the problem description was that niuk commited the change from his Panorama to his ACTIVE firewall only. This is a very important detail because as member rmonvon pointed out, policies from Panorama must be committed to both active and passive HA devices! They are not synched!
So what exactly is synched in an HA setup?
Here's a list of what's related for this specific discussion:
Device Tab
Config Synched A/P
Config Synched A/A
Panorama Settings
Panorama Servers
NO
NO
Receive timeout for connection
YES
YES
Send timeout for connection
YES
YES
Retry count for SSL send
YES
YES
Panorama Policy & Objects
NO
NO
Device & Network Template
NO
NO
The complete list of what's synched and what's not can be found here: