"Content version mismatch due to device update" on the Active Firewall in an HA Pair
Created On 01/05/23 20:08 PM - Last Modified 06/11/25 20:16 PM
Symptom
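- "Content version mismatch due to device update" appears on the active device even though both HA peers have the same App, Threat and Antivirus versions installed
- Mismatch/Match entries are logged for all content in ha_agent.log and the system log even though nothing has changed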
mp ha_agent.log 2022-12-29 05:00:02 2022-12-29 05:00:02.236 -0500 HA peer URL Database set to Mismatch
mp ha_agent.log 2022-12-29 05:01:00 2022-12-29 05:01:00.349 -0500 HA peer Application Content set to Mismatch
mp ha_agent.log 2022-12-29 05:01:00 2022-12-29 05:01:00.351 -0500 HA peer Anti-Virus set to Mismatch
mp ha_agent.log 2022-12-29 05:01:00 2022-12-29 05:01:00.352 -0500 HA peer Threat Content set to Mismatch
mp ha_agent.log 2022-12-29 05:01:00 2022-12-29 05:01:00.355 -0500 HA peer IOT Content set to Match
- Active device "show system info"
app-version: 8659-7774
app-release-date: 2022/12/28 20:24:22 EST
av-version: 4316-4829
av-release-date: 2023/01/02 07:26:39 EST
threat-version: 8659-7774
threat-release-date: 2022/12/28 20:24:22 EST
- Active device high-availability state
Version Compatibility:
Software Version: Match
Application Content Compatibility: Mismatch <----
IOT Content Compatibility: Match
Anti-Virus Compatibility: Mismatch <-----
Threat Content Compatibility: Mismatch
VPN Client Software Compatibility: Match
- Passive device "show system info"
app-version: 8659-7774
app-release-date: 2022/12/28 20:24:22 EST
av-version: 4316-4829
av-release-date: 2023/01/02 07:26:39 EST
threat-version: 8659-7774
threat-release-date: 2022/12/28 20:24:22 EST
- Passive device high-availability state
Version Compatibility:
Software Version: Match
Application Content Compatibility: Match <---
IOT Content Compatibility: Match
Anti-Virus Compatibility: Match <---
Threat Content Compatibility: Match
VPN Client Software Compatibility: Match
Environment
- Palo Alto Networks Firewall
- PAN-OS 10.0.x, 10.1.x
- Upgraded from PAN-OS 9.1.x to 10.x
- HA Active/Passive or Active/Active
Cause
Every time there is a content update, the sdb nodes are marked as none & modified
mp ha_agent.log 2022-12-29 04:35:42 2022-12-29 04:35:42.817 -0500 debug: ha_sysd_general_vers_string(src/ha_sysd_version.c:1829): Got new Application Content: 8659-7774; for local value
mp ha_agent.log 2022-12-29 04:35:42 2022-12-29 04:35:42.819 -0500 HA Group 1: Application Content version mismatch due to device update
mp ha_agent.log 2022-12-29 04:35:42 2022-12-29 04:35:42.820 -0500 HA peer Anti-Virus set to Mismatch
mp ha_agent.log 2022-12-29 04:35:42 2022-12-29 04:35:42.820 -0500 HA peer Threat Content set to Match
mp ha_agent.log 2022-12-29 04:35:42 2022-12-29 04:35:42.820 -0500 debug: ha_sysd_general_vers_string(src/ha_sysd_version.c:1829): Got new Threat Content: 8659-7774; for local value
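mp ha_agent.log 2022-12-29 04:35:42 2022-12-29 04:35:42.821 -0500 HA Group 1: Threat Content version mismatch due to device update
Resolution
- The observed Mismatch/Match logs are cosmetic and can be ignored. There is no functional impact (it is only a display issue)
- This issue is tracked as PAN-201721. The fix release has not yet been determined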
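One way to confirm that an alert matches the condition described in this article, as an added example (not from Palo Alto Networks or the original article): it compares the content versions in each peer's "show system info" output and reports whether a Mismatch shown in the HA state is display-only. The function names are hypothetical, and the sample text is constructed from the outputs shown above.

```python
# Added example. Function names are hypothetical; sample text is constructed
# from the CLI outputs shown in this article.
CONTENT_FIELDS = ("app-version", "av-version", "threat-version")

ACTIVE_INFO = """\
app-version: 8659-7774
app-release-date: 2022/12/28 20:24:22 EST
av-version: 4316-4829
av-release-date: 2023/01/02 07:26:39 EST
threat-version: 8659-7774
threat-release-date: 2022/12/28 20:24:22 EST
"""
PASSIVE_INFO = ACTIVE_INFO  # the article shows identical values on the passive peer
ACTIVE_HA_STATE = """\
Software Version: Match
Application Content Compatibility: Mismatch <----
IOT Content Compatibility: Match
Anti-Virus Compatibility: Mismatch <-----
Threat Content Compatibility: Mismatch
"""

def parse_kv(text):
    """Parse 'key: value' lines, splitting on the first colon only (dates contain colons)."""
    pairs = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            pairs[key.strip()] = value.strip()
    return pairs

def differing_versions(info_a, info_b):
    """Return fields whose versions differ; a missing field counts as a difference."""
    a, b = parse_kv(info_a), parse_kv(info_b)
    return {f: (a.get(f), b.get(f)) for f in CONTENT_FIELDS
            if a.get(f) is None or a.get(f) != b.get(f)}

def reported_mismatches(ha_state):
    """Return the compatibility rows that the HA state output shows as Mismatch."""
    return sorted(k for k, v in parse_kv(ha_state).items()
                  if k.endswith("Compatibility") and v.startswith("Mismatch"))

def classify(info_a, info_b, ha_state):
    real = differing_versions(info_a, info_b)
    if real:
        return "real-mismatch", real
    flagged = reported_mismatches(ha_state)
    return ("display-only", flagged) if flagged else ("consistent", [])

if __name__ == "__main__":
    print(classify(ACTIVE_INFO, PASSIVE_INFO, ACTIVE_HA_STATE))
```

A "real-mismatch" result means the installed versions differ or a field is missing, which is not the condition this article describes.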
Additional Information
Please refer to PAN-201721