Active to Passive Configuration Sync Failing for High Availability

Active to Passive Configuration Sync Failing for High Availability

57199
Created On 09/25/18 17:52 PM - Last Modified 07/14/20 02:40 AM


Symptom


  • The active/passive configuration synchronization is failing between the HA pair of Palo Alto Networks devices.



Environment


  • A/P HA cluster
  • Jumbo Frames on the active device only
  • Any platform
  • Any PAN-OS


Cause


  • The issue may be caused by an Jumbo Frame settings mismatch. On the passive firewall,  check the status of the HA-SYNC job:
> show jobs id 280



Enqueued ID Type Status Result Completed

--------------------------------------------------------------------------

2013/03/20 11:59:35 280 HA-Sync FIN FAIL 12:00:01

Warnings:

Details:device: device is not in jumbo-frame mode but interface ae1.518 mtu is greater than 1500

interface configuration error

Commit failed
 

 

  • The HA-Sync error message, as shown above, indicates the problem.


Resolution


  • Configure both active and passive Palo Alto Networks firewalls to have Jumbo Frame setting enabled. For the example above, the passive firewall needs to have the Jumbo Frame enabled.
  1. Go to Devive > Setup > Session
  2. In the Session Settings section, check the Enable Jumbo Frame option.
    Screen Shot 2013-03-26 at 1.44.29 PM.png
  3. A device reboot is required for the changes to take effect
    2.png

owner: jlunario



Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/kCSArticleDetail?id=kA10g000000ClLG&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FkCSArticleDetail

Choose Language