Why is only one peer in a VM HA Panorama pair in Legacy mode getting logs?

Created On 03/05/19 16:45 PM - Last Modified 06/30/20 04:44 AM


Question


Why is only one peer in a VM HA Panorama pair in Legacy mode getting logs? 

Environment


  • 2 Panorama VMs
  • Panorama 
  • Panorama is in Legacy mode
  • Firewalls sending the logs are either a 5200 series or 7000 series


Answer


This is by design. Legacy mode requires minimal resources to run, which raised concerns about forwarding logs from our high-end device models to both peers. This was addressed by having the 5200 series and the 7000 series firewalls forward logs to only one peer in the high availability cluster.

A Panorama running in Panorama mode allows both peers to receive logs.

Note: The Panorama peer to which the firewall forwards logs should be the active one, but that may not always be the case. Whichever Panorama registers first with the logrcvr daemon of the firewall in question will be the peer in the HA cluster that receives the logs.

To have the firewall forward the logs to the other peer in the HA cluster, restart the Panorama peer that is currently receiving the logs. This forces the firewall to reach out to the other peer. Suspending one of the HA peers will not force the logs to change direction.

