Are Certificates Synchronised Between Active/Passive or Active/Active HA Firewalls
Created On 10/23/19 08:53 AM - Last Modified 01/09/20 02:41 AM
Question
Are Certificates synchronized between Active/Passive or Active/Active HA Firewalls?
Environment
- Palo Alto Firewalls.
- Any PAN-OS.
- High Availability Configured.
Answer
Certificates and SSL/TLS service profiles are not synced if they are referenced in system-specific configuration (i.e. management access) that is not synced.
Certificates and SSL/TLS service profiles are synced if the certificate is used in other parts of the configuration that are synced.
For example, if a certificate is generated and referenced in an SSL/TLS Service Profile which is used under GUI: Device > Setup > Management > General Settings > SSL/TLS Service Profile, then the certificate and the SSL/TLS Service Profile are not synced.
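Because the management certificate and its profile are not synced, each peer's exported configuration has to be checked on its own. The following is an added example, not Palo Alto Networks code; the XML layout and the names `mgmt-cert`, `mgmt-profile`, `decrypt-ca`, `fw-a` and `fw-b` are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed configs for two HA peers. The element layout is an
# assumption modelled on a firewall config export; adjust paths to your export.
PEER_A = """<config><shared>
  <certificate>
    <entry name="mgmt-cert"/><entry name="decrypt-ca"/>
  </certificate>
  <ssl-tls-service-profile>
    <entry name="mgmt-profile"><certificate>mgmt-cert</certificate></entry>
  </ssl-tls-service-profile></shared>
  <devices><entry name="localhost.localdomain"><deviceconfig><system>
    <ssl-tls-service-profile>mgmt-profile</ssl-tls-service-profile>
  </system></deviceconfig></entry></devices></config>"""
# Peer B holds only the certificate used in synced configuration.
PEER_B = """<config><shared>
  <certificate><entry name="decrypt-ca"/></certificate></shared>
  <devices><entry name="localhost.localdomain"><deviceconfig><system/>
  </deviceconfig></entry></devices></config>"""

MGMT_REF = "./devices/entry/deviceconfig/system/ssl-tls-service-profile"

def cert_names(config_xml):
    """Names of all certificates present in one peer's config."""
    root = ET.fromstring(config_xml)
    return {e.get("name") for e in root.findall("./shared/certificate/entry")}

def mgmt_cert(config_xml):
    """Return (profile, certificate) used for management access, else (None, None)."""
    root = ET.fromstring(config_xml)
    profile = root.findtext(MGMT_REF)
    if not profile:
        return None, None
    path = f"./shared/ssl-tls-service-profile/entry[@name='{profile}']/certificate"
    return profile, root.findtext(path)

def local_only(config_a, config_b):
    """Certificates present on peer A but absent on peer B."""
    return cert_names(config_a) - cert_names(config_b)

def audit(peers):
    """peers: {name: config_xml}. List peers without a usable management certificate."""
    findings = []
    for name, xml in peers.items():
        profile, cert = mgmt_cert(xml)
        if profile is None:
            findings.append(f"{name}: no management SSL/TLS service profile set")
        elif cert not in cert_names(xml):
            findings.append(f"{name}: profile {profile} references missing certificate {cert}")
    return findings
```

A finding for one peer means the certificate and profile must be imported and configured on that peer directly, since HA sync will not carry them over.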