Active to Passive Configuration Sync Failing for High Availability
60758
Created On 09/25/18 17:52 PM - Last Modified 07/14/20 02:40 AM
Symptom
-
The active/passive configuration synchronization is failing between the HA pair of Palo Alto Networks devices.
Environment
- A/P HA cluster
- Jumbo Frames on the active device only
- Any platform
- Any PAN-OS
Cause
- The issue may be caused by an Jumbo Frame settings mismatch. On the passive firewall, check the status of the HA-SYNC job:
> show jobs id 280 Enqueued ID Type Status Result Completed -------------------------------------------------------------------------- 2013/03/20 11:59:35 280 HA-Sync FIN FAIL 12:00:01 Warnings: Details:device: device is not in jumbo-frame mode but interface ae1.518 mtu is greater than 1500 interface configuration error Commit failed
- The HA-Sync error message, as shown above, indicates the problem.
Resolution
- Configure both active and passive Palo Alto Networks firewalls to have Jumbo Frame setting enabled. For the example above, the passive firewall needs to have the Jumbo Frame enabled.
- Go to Devive > Setup > Session
- In the Session Settings section, check the Enable Jumbo Frame option.
- A device reboot is required for the changes to take effect
owner: jlunario