Information Synchronized in an HA Pair | Palo Alto Networks Live 3/25/15, 11:51 AM

All Places > Knowledge Base > Documents

Information Synchronized in an HA Pair Version 33

created by Ameya on Nov 14, 2012 9:41 PM, last modified by panagent on Jan 21, 2015 4:54 PM

Overview
This document explains the information that is synchronized between High Availability (HA) pair members and is
applicable for both, Active-Passive and Active-Active deployments.

Details
Control Plane Synchronization Over HA1 link
Configuration: Configuration changes to either active or passive unit are synchronized to peer device
Tabs Synchronized: Policy, Objects and Network
All certificates sync except Web Certificate

Dataplane Synchronization over HA2 Link

Session states
IPSec SAs
MAC Tables
Neighbor Discovery Table
IPv(4/6) return MAC
HA2 Monitor Message
ARP tables

Verify what gets synchronized over HA2 link using the command below:
> show high-availability state-synchronization

Objects Not Synchronized

Under Network, interface-specific parameters (such as, link speed and link duplex) are not synchronized
Application Command Center (ACC) and log data is not synchronized
Web Certificates
Log Link configuration is not synchronized between HA. (See: How Does the Log Link Feature Work?)

Note: Device > Objects under the Device Tab are synchronized selectively. Refer to High Availability
Synchronization for the complete list of objects that are synchronized.

CLI commands to perform a commit sync manually

Synchronize Running Configuration
>request high-availability sync-to-remote running-config
Force the system to synchronize objects that are not saved as part of the system configuration, for example
custom block and logon pages. This process operates over the HA control link

https://live.paloaltonetworks.com/docs/DOC-4175 Page 1 of 2
Information Synchronized in an HA Pair | Palo Alto Networks Live 3/25/15, 11:51 AM

>request high-availability sync-to-remote disk-state

Manually sync the runtime session state. This is normally automatically done, but if needed this command
can be executed to force the synchronization of the session table
>request high-availability sync-to-remote runtime-state

See Also
High Availability Synchronization.

owner: akawimandan

4437 Views Categories: High Availability , Setup, Management & Administration

Tags: ha, sync, synchronization, active_passive, ha_sync

Average User Rating

(16 ratings)

0 Comments

There are no comments on this document.

1.866.320.4788 Privacy Policy Legal Notices Site Index Subscriptions

Copyright 2007-2013 Palo Alto Networks

Home | Top of page | About Jive | Help 2007-2012 Jive Software |

https://live.paloaltonetworks.com/docs/DOC-4175 Page 2 of 2