Are Certificates Synchronised Between Active/Passive or Active/Active HA Firewalls

Created On 10/23/19 08:53 AM - Last Modified 01/09/20 02:41 AM


Question


Are Certificates synchronized between Active/Passive or Active/Active HA Firewalls?

Environment


  • Palo Alto Firewalls.
  • Any PAN-OS.
  • High Availability Configured.


Answer


Certificates and SSL/TLS service profiles are not synced if they are referenced in system-specific configuration (i.e. management access) that is not synced.
Certificates and SSL/TLS service profiles are synced if the certificate is used in other parts of the configuration that are synced.

For example, if a certificate is generated and referenced in an SSL/TLS Service Profile which is used under GUI: Device > Setup > Management > General Settings > SSL/TLS Service Profile, then the certificate and the SSL/TLS Service Profile are not synced.
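
An added example, not from the original article or from Palo Alto Networks: a Python check that compares the certificate entries in two HA peers' exported configuration XML and separates differences tied to the management SSL/TLS Service Profile from other drift. The element paths, the `sample_config` helper and the two sample configurations are assumptions constructed for illustration; adjust the paths to match your own exported configuration.

```python
import hashlib
import xml.etree.ElementTree as ET

# Assumed element paths (simplified PAN-OS-style layout, not taken from the article).
CERTS = "./shared/certificate/entry"
PROFILES = "./shared/ssl-tls-service-profile/entry"
MGMT_PROFILE = "./devices/entry/deviceconfig/system/ssl-tls-service-profile"

def cert_fingerprints(root):
    """Map certificate name -> SHA-256 of its whitespace-stripped public-key text."""
    out = {}
    for e in root.findall(CERTS):
        pem = "".join((e.findtext("public-key") or "").split())
        out[e.get("name")] = hashlib.sha256(pem.encode()).hexdigest()
    return out

def mgmt_cert_name(root):
    """Certificate named by the management SSL/TLS service profile, or None."""
    profile = root.findtext(MGMT_PROFILE)
    for e in root.findall(PROFILES):
        if e.get("name") == profile:
            return e.findtext("certificate")
    return None

def compare_peers(xml_a, xml_b):
    """Return {cert name: (state, reason)} for certificates that differ between peers."""
    a, b = ET.fromstring(xml_a), ET.fromstring(xml_b)
    fa, fb = cert_fingerprints(a), cert_fingerprints(b)
    mgmt = {mgmt_cert_name(a), mgmt_cert_name(b)} - {None}
    report = {}
    for name in sorted(set(fa) | set(fb)):
        if fa.get(name) == fb.get(name):
            continue  # identical on both peers
        state = "differs" if name in fa and name in fb else "missing-on-one-peer"
        reason = "referenced by management profile" if name in mgmt else "unexpected drift"
        report[name] = (state, reason)
    return report

def sample_config(certs, mgmt_cert):
    """Build a constructed, simplified config for one peer (not real device output)."""
    entries = "".join(f'<entry name="{n}"><public-key>{k}</public-key></entry>' for n, k in certs.items())
    return (f"<config><shared><certificate>{entries}</certificate><ssl-tls-service-profile>"
            f'<entry name="mgmt-prof"><certificate>{mgmt_cert}</certificate></entry>'
            '</ssl-tls-service-profile></shared><devices><entry name="localhost.localdomain">'
            "<deviceconfig><system><ssl-tls-service-profile>mgmt-prof</ssl-tls-service-profile>"
            "</system></deviceconfig></entry></devices></config>")

PEER_A = sample_config({"mgmt-a": "AAAA", "decrypt-ca": "BBBB", "portal-cert": "DDDD"}, "mgmt-a")
PEER_B = sample_config({"mgmt-b": "CCCC", "decrypt-ca": "BBBB", "portal-cert": "EEEE"}, "mgmt-b")
```

Entries reported as "referenced by management profile" match the behaviour described above; anything reported as "unexpected drift" is a certificate that differs between peers without that explanation and is worth investigating.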

