How to enable multi vsys on high-availability firewall?

How to enable multi vsys on high-availability firewall?

9766
Created On 11/30/22 05:34 AM - Last Modified 10/08/24 23:19 PM


Objective


  • In high-availabiltiy, the two firewalls must have the same virtual system capability.
  • If multi-vsys setting is changed on any of the firewalls: active or passive, it will cause the active firewall to move in "Suspended (Multi-vsys mismatches with peer)" status.
  • How to enable multi-vsys on HA firewalls?

Environment


  • VM Series Firewall
  • High availability
  • Multi-vsys

Procedure


NOTE: A failover is expected and unavoidable.
 
  1. Take a downtime or maintenance window to enable multi-vsys feature.
  2. Enable multi-vsys on each node in HA one by one. It doesn't matter if it is enabled first on active or passive.
    1. If enabled on Active firewall first, Active firewall will get suspended causing a failover.
    2. If enabled on Passive firewall first, again Active firewall will get suspended causing a failover.
 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kFPYCA2&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language