DotW: HA Not Synchronized after Commit from Panorama
Resolution
Having doubts about what exactly is synched with HA or how HA behaves when you push configurations from Panorama? This is something we'll highlight in this week's discussion of the week. Community member niuk had a question about this and posted it on our discussions board :
Disscussion topic
Member niuk committed a change from Panorama to the active firewall and noticed a 'Not syncronized' message. Several other community members provided tips and debugging steps to assist. While the provided tips and tricks are surely useful in debugging HA issues the solution was actually very simple.
What was key in the problem description was that niuk commited the change from his Panorama to his ACTIVE firewall only. This is a very important detail because as member rmonvon pointed out, policies from Panorama must be committed to both active and passive HA devices! They are not synched!
So what exactly is synched in an HA setup?
| Device Tab | Config Synched A/P | Config Synched A/A |
| Panorama Settings | ||
| Panorama Servers | NO | NO |
| Receive timeout for connection | YES | YES |
| Send timeout for connection | YES | YES |
| Retry count for SSL send | YES | YES |
| Panorama Policy & Objects | NO | NO |
| Device & Network Template | NO | NO |
The complete list of what's synched and what's not can be found here:
As for the full discussion, you can follow it here: