HA Panorama 9.1.X Setup
Hello good afternoon, thank you very much for the collaboration. Please help me to clarify the following doubts regarding the Panorama HA setup.
1.- The second or secondary Panorama or the secondary device, if changes are made in the secondary, is replicated to the main Panorama and the firewalls managed by Panorama (this once the HA is set up and synchronized).
2.- When adding the secondary to the HA and synchronize the configuration, this must be done from the main ? example in this case the Panorama-principal has all the configuration and the secondary, the idea is that it receives it from the main. What happens if the synchronization is the other way around? That is to say from the secondary (which has nothing of DG, nor Templates, etc) that happens in that case ? the main one that does, makes an append, a merge or a replace at the time of synchronizing the configs ?
3.- In the firewalls that are managed by Panorama, you must add the IP or hostname (I understand that if it is hostname, clearly the dns must resolve it) of both Panorama (main and secondary) in the Panorama configuration section of the firewalls?
Thank you very much for the help and collaboration as always.
1. You cannot make changes to shared (templates, device groups,...) Objects in the secondary, only local (hostname, HA config, IP,...) 2. Sync is always initiated from the active-primary. Initiate it when the passive-secondary has joined the HA. You can't sync the other way 3. You can also put an IP if you dear the FQDN won't resolve properly or reliably