Palo Alto Networks Knowledgebase: App and Threat Compatability Mismatch in HA Pair

App and Threat Compatability Mismatch in HA Pair

Created On 09/26/18 13:44 PM - Last Updated 02/07/19 23:44 PM
Threat Intelligence Threat Prevention


Passive device in an HA pair doesn't update and there is a mismatch status for the app and threat compatibility.



From the passive device:

  1. Ping

    > ping host

  2. Get the MAC address of the static device:

    > debug dataplane internal vif link

    Sample Output:

    eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:1b:17:01:47:00 brd ff:ff:ff:ff:ff:ff
    RX: bytes packets errors dropped overrun mcast
    12121844 100266 0 0 0 70484
    TX: bytes packets errors dropped carrier collsns
    5197283 13280 0 0 0 0

  3. Log into the current active device and go to Network > Interface, then click on the Internal/Trusted interface.  You'll need to statically add the MAC address and IP address of the passive device management interface.


owner: jnguyen

  • Print
  • Copy Link

Choose Language