HA Configuration Out-of-Sync Due to Certificate

Created On 09/25/18 19:47 PM - Last Modified 06/09/23 08:51 AM



The passive unit in an HA pair cannot sync with the active device because it does not have a certificate. Attempts to sync the certificate to the passive unit fail. When the certificate is added to the passive unit and a sync-to-peer is performed from the active unit, the sync fails and the passive unit deletes the newly installed certificate.



Import the missing certificate into the passive unit. If the certificate is used for options such as "Forward Trust" and "Forward Untrust" on the active firewall, make sure the same certificate on the passive device is selected with the same options, as shown below.

Shown below is the Active Device:

[Screenshot: cert act.JPG]


Shown below is the Passive Device:

[Screenshot: cert pas.JPG]



Perform a commit sync from passive to primary by using the following CLI command:

> request high-availability sync-to-remote running-config
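
To confirm before the sync that the passive unit holds the same certificates with the same options, the added example below (not from the original article or the vendor) compares two exported configurations and reports certificates missing on the passive unit or assigned different Forward Trust / Forward Untrust roles. The XML layout, the sample configurations and all certificate names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs, NOT real exports. The layout (certificate entries
# and ssl-decrypt role elements under <shared>) is an assumed simplification.
ACTIVE = """<config><shared>
  <certificate>
    <entry name="fwd-trust-ca"/><entry name="fwd-untrust-ca"/><entry name="mgmt-cert"/>
  </certificate>
  <ssl-decrypt>
    <forward-trust-certificate><rsa>fwd-trust-ca</rsa></forward-trust-certificate>
    <forward-untrust-certificate><rsa>fwd-untrust-ca</rsa></forward-untrust-certificate>
  </ssl-decrypt>
</shared></config>"""

PASSIVE = """<config><shared>
  <certificate>
    <entry name="fwd-trust-ca"/><entry name="fwd-untrust-ca"/>
  </certificate>
  <ssl-decrypt>
    <forward-untrust-certificate><rsa>fwd-untrust-ca</rsa></forward-untrust-certificate>
  </ssl-decrypt>
</shared></config>"""

ROLES = ("forward-trust-certificate", "forward-untrust-certificate")

def cert_roles(xml_text):
    """Map each certificate name to the set of decryption roles it holds."""
    root = ET.fromstring(xml_text)
    roles = {e.get("name"): set() for e in root.iterfind(".//certificate/entry")}
    for role in ROLES:
        for node in root.iterfind(f".//ssl-decrypt/{role}"):
            # The name may sit directly in the element or one level down.
            for name in (t.strip() for t in node.itertext() if t.strip()):
                roles.setdefault(name, set()).add(role)
    return roles

def compare(active_xml, passive_xml):
    """Return (certs missing on passive, {cert: (active roles, passive roles)})."""
    active, passive = cert_roles(active_xml), cert_roles(passive_xml)
    missing = sorted(set(active) - set(passive))
    mismatched = {n: (sorted(active[n]), sorted(passive[n]))
                  for n in sorted(set(active) & set(passive)) if active[n] != passive[n]}
    return missing, mismatched

if __name__ == "__main__":
    missing, mismatched = compare(ACTIVE, PASSIVE)
    print("missing on passive:", missing)
    for name, (a, p) in mismatched.items():
        print(f"{name}: active={a} passive={p}")
```

An empty result for both values means the certificate names and role assignments match; it does not compare key material.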


See Also

High Availability Synchronization


owner: nayubi
