Writable command not allowed on passive panorama

Writable command not allowed on passive panorama

17021
Created On 05/28/21 17:57 PM - Last Modified 05/28/21 18:08 PM


Symptom


"Operations Failed" reported with "Writable command '...' not allowed on Passive Panorama" when attempting to make configuration change(s) on passive panorama. 

Example: Configuring a new administrator account on passive panorama 

User-added image

User-added image

Environment


Passive Panorama 
High Availability
PAN-OS

Cause


It is an expected behavior (per design) that operational commands such as set, add, edit are not allowed on Passive Panorama 
 

Resolution


Suspend active panorama that is part of HA pair to make passive panorama to be (new) active panorama and make necessary configuration changes, then commit to apply the change

* Suspend Primary Panorama 
admin@Pano-HA-Prim(primary-active)> request high-availability state suspend


* Confirm Secondary Panorama transitioned from "secondary-passive" to "secondary-active" prior to making operational configuration change
admin@Pano-HA-Sec(secondary-passive)>
admin@Pano-HA-Sec(secondary-active)>


 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001VVfCAM&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language