Cluster configuration not synced for Palo Alto Networks


Palo Alto Networks


For devices that support full configuration synchronization, Indeni will alert if the configuration is out of sync.

Remediation Steps

Log into the device and synchronize the configuration across the cluster.

How does this work?

This script uses the Palo Alto Networks API to retrieve the status of the high availability function of this cluster and specifically the status of the config synchronization.

Why is this important?

Normally two Palo Alto Networks firewalls in a cluster work together to ensure their configurations are synchronized. Sometimes, due to connectivity or other issues, the configuration sync may be lost. In the event of a fail over, the secondary member will take over but will be running with a different configuration compared to the primary (the original active member). This can result in service disruption.

Without Indeni how would you find this?

The status of configuration sync is visible in the web interface, as a widget on the main screen.

View Source Code