Palo Alto Networks Knowledgebase: HA pair is not synchronizing
HA pair is not synchronizing
Created On 02/07/19 23:40 PM - Last Updated 02/07/19 23:41 PM
High Availability (HA) pair does not synchronize, even though the software, threat, app and URL databases are all on the same version.
The certificate does not transfer automatically from one device to the other, which prevents the devices from synchronizing.
If you have an SSL VPN certificate, make sure that you have one applied on both devices. The certificate used for the devices should have the same options selected, particularly if it is for the secure web GUI option.
Note: If the same certificate is downloaded but the options do not match, the imported certificate will be deleted on the passive device once the synchronization is initiated and will cause the sync to fail.