Palo Alto Networks Knowledgebase: App and Threat Compatability Mismatch in HA Pair

App and Threat Compatability Mismatch in HA Pair

10727
Created On 09/26/18 13:44 PM - Last Updated 02/07/19 23:44 PM
Threat Intelligence Threat Prevention
Resolution

Issue

Passive device in an HA pair doesn't update and there is a mismatch status for the app and threat compatibility.

 

Resolution

From the passive device:

  1. Ping updates.paloaltonetworks.com:

    > ping host updates.paloaltonetworks.com

  2. Get the MAC address of the static device:

    > debug dataplane internal vif link

    Sample Output:

    eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:1b:17:01:47:00 brd ff:ff:ff:ff:ff:ff
    RX: bytes packets errors dropped overrun mcast
    12121844 100266 0 0 0 70484
    TX: bytes packets errors dropped carrier collsns
    5197283 13280 0 0 0 0

  3. Log into the current active device and go to Network > Interface, then click on the Internal/Trusted interface.  You'll need to statically add the MAC address and IP address of the passive device management interface.

 

owner: jnguyen



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClmMCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language