Palo Alto Networks Knowledgebase: What happens on a HA sync-to-peer?

What happens on a HA sync-to-peer?

4164
Created On 02/07/19 23:57 PM - Last Updated 02/07/19 23:57 PM
Resolution

The following is what occurs on a HA sync-to-peer (in PAN-OS 4.0 and 3.1):

  • A transform is done on the running/candidate xml locally
  • The transformed config is transferred over a socket from mgmtsrvr to ha_agent (start of timeout period)
  • ha_agent transfers this config to the peer ha_agent (call it ha_peer)
  • ha_peer sends the transformed config to mgmtsrvr (call it ms_peer)
  • ms_peer will wait for items ahead of the ha request to be queue and then service the ha request
  • ms_peer will run a transform on the received xml config to apply it to its own running/candidate config
  • ms_peer will send a response to ha_peer
  • ha_peer will send a response to ha_agent on the original side
  • ha_agent on the original side will send the response to mgmtsrvr on the original side
  • mgmtsrvr receives the response

owner: panagent



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV6CAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language