Why do I see two auto-commits after rebooting the firewall?
Created On 04/02/19 12:25 PM - Last Modified 03/26/21 17:35 PM
Question
When I reboot a next-generation firewall in an HA active/passive pair, why do I see two auto-commits after the reboot?
admin@firewall(active)> show jobs all

Enqueued              Dequeued   ID  PositionInQ  Type     Status  Result  Completed
--------------------------------------------------------------------------------------------------
2018/11/01 14:23:10   14:23:10    2               AutoCom  FIN     OK      14:23:24
2018/11/01 14:20:50   14:20:50    1               AutoCom  FIN     OK      14:21:55
Answer
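The first auto-commit job pushes the configuration to the dataplane, which brings the dataplane up and makes it ready to accept and process traffic. It is seen after a device reboot or a dataplane restart, on standalone devices as well as on devices in high availability.
The second auto-commit synchronizes the ID manager (idmgr) between the devices; it is pushed from the active node to the passive node.
You can check the devsrvr (device server) log under mp-log.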
admin@firewall(active)> less mp-log devsrvr.log
<snip>
2018-11-01 14:22:55.514 -0700 Peer idmgr is ready
2018-11-01 14:22:55.514 -0700 Sync idmgr to active device
<snip>
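The following Python example is added here and is not part of the original article or Palo Alto Networks code. It correlates the `show jobs all` rows with the `Sync idmgr` lines in devsrvr.log so that each AutoCom job is attributed to one of the two causes described above; the function name, the labels and the 60-second correlation window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Sample input: the job rows and devsrvr.log lines shown in this article.
JOBS = """\
2018/11/01 14:23:10 14:23:10 2 AutoCom FIN OK 14:23:24
2018/11/01 14:20:50 14:20:50 1 AutoCom FIN OK 14:21:55
"""
DEVSRVR = """\
2018-11-01 14:22:55.514 -0700 Peer idmgr is ready
2018-11-01 14:22:55.514 -0700 Sync idmgr to active device
"""

# Enqueued date+time, Dequeued time, ID, optional PositionInQ, Type
JOB_RE = re.compile(
    r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\s+\d\d:\d\d:\d\d\s+(\d+)\s+(?:\d+\s+)?(\S+)",
    re.M)
SYNC_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ \S+ Sync idmgr", re.M)


def classify_autocommits(jobs_text, devsrvr_text, window=timedelta(seconds=60)):
    """Label each AutoCom job as dataplane-push, idmgr-sync or unexplained.

    Assumptions (not from the article): job times and log times share one
    time zone, and a sync commit is enqueued within `window` of the log line.
    """
    syncs = [datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
             for m in SYNC_RE.finditer(devsrvr_text)]
    autocoms = sorted(
        (datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"), int(m.group(2)))
        for m in JOB_RE.finditer(jobs_text) if m.group(3) == "AutoCom")
    labels = {}
    for index, (enqueued, job_id) in enumerate(autocoms):
        if index == 0:
            labels[job_id] = "dataplane-push"   # first auto-commit after boot
        elif any(timedelta(0) <= enqueued - s <= window for s in syncs):
            labels[job_id] = "idmgr-sync"       # follows "Sync idmgr" in the log
        else:
            labels[job_id] = "unexplained"      # worth a closer look
    return labels


if __name__ == "__main__":
    for job_id, label in classify_autocommits(JOBS, DEVSRVR).items():
        print(job_id, label)
```

An AutoCom job labelled `unexplained` has no matching idmgr sync entry in the log excerpt supplied and should be checked against the full devsrvr.log before being treated as expected.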
Additional Information
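idmgr maintains the IDs that correspond to policies, objects and certain network elements.
idmgr is synchronized to ensure that traffic is processed as expected after an HA failover event.
Here is how to get the list of all idmgr types: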
admin@firewall(active)> debug device-server dump idmgr type ?
  > custom-url-filter                Only custom-url-filter name and id
  > dns-proxy                        Only dns-proxy name and id
  > dos-rule                         Only dos-rule name and id
  > global-if-counter                Only global-if-counter name and id
  > global-interface                 Only global-interface name and id
  > global-rib-instance              Only global-rib-instance name and id
  > global-tunnel                    Only global-tunnel name and id
  > global-vlan                      Only global-vlan name and id
  > global-vlan-domain               Only global-vlan-domain name and id
  > global-vrouter                   Only global-vrouter name and id
  > http-header-insert-header-value  Only http-header-insert-header-value name and id
  > ike-gateway                      Only ike-gateway name and id
  > interface-group                  Only interface-group name and id
  > log-setting                      Only log-setting name and id
  > macl-rule                        Only macl-rule name and id
  > monitor-tag                      Only dns-proxy name and id
  > nat-rule                         Only nat-rule name and id
  > ospfv3-virtual-link              Only ospfv3-virtual-link name and id
  > override-rule                    Only app override-rule name and id
  > pbf-rule                         PBF rule name and id
  > qos-rule                         Only qos-rule name and id
  > security-rule                    Only security-rule name and id
  > shared-app-signature             Only shared-app-signature name and id
  > shared-application               Only shared-application name and id
  > shared-bgp-aggr-address          Only shared-bgp-aggr-address name and id
  > shared-bgp-peer                  Only shared-bgp-peer name and id
  > shared-bgp-peergrp               Only shared-bgp-peergrp name and id
  > shared-custom-url-category       Only shared-custom-url-category name and id
  > shared-gateway                   Shared gateway
  > shared-header-insert-hosts       Only shared-header-insert-hosts name and id
  > shared-qos-group                 Only shared-qos-group name and id
  > shared-qos-member                Only shared-qos-member name and id
  > shared-qos-profile               Only shared-qos-profile name and id
  > shared-region                    Shared region code name and id
  > shared-url-filtering             Only shared-url-filtering name and id
  > ssl-rule                         Only ssl-rule name and id
  > tci-rule                         Only tci-rule name and id
  > vsys                             Only vsys name and id
  > vsys-app-signature               Only vsys-app-signature name and id
  > vsys-application                 Only vsys-application name and id
  > vsys-custom-url-category         Only vsys-custom-url-category name and id
  > vsys-header-insert-hosts         Only vsys-header-insert-hosts name and id
  > vsys-region                      Vsys region code name and id
  > vsys-url-filtering               Only vsys-url-filtering name and id
  > zone                             Only zone name and id