Why Panorama pushed configuration is not synchronized between HA pair of firewalls?

Created On 09/25/18 19:49 PM - Last Modified 06/13/23 13:37 PM


Symptom



Configuration pushed from Panorama to the active unit is not visible on the passive unit.

Diagnosis

Expected behaviour



Resolution


If you push the configuration from the Panorama appliance only to the active node, the same changes will not be present on the passive unit.


>request high-availability sync-to-remote running-config

 

Even the above command will not synchronize the Panorama-pushed configuration on the active node with the passive node.


However, the High Availability widget shows the configurations as synchronized.

 

For example, a change made on the firewall itself (such as adding a loopback) was synced with the passive unit, but the configuration pushed from Panorama was not.

 

This is expected behavior, since config sync covers only the running config (that is, all the locally configured changes) and not the configuration pushed from Panorama.
So we have to push the configuration from the Panorama appliance to both devices in order to make the configurations the same on both units.


