No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Automatic Configuration Synchronization Fails Because of Redundant Configurations on the Standby Firewall

Publication Date:  2019-01-24 Views:  171 Downloads:  0

Issue Description

Two firewalls are deployed in hot standby networking. On the active firewall, the administrator adds GigabitEthernet1/0/2 to the Trust zone, but the configuration is not synchronized to the standby firewall.

Handling Process

Step 1: Check the hot standby configuration. The automatic backup function is enabled.
Step 2: Create a temporary ACL on the active firewall and check whether the ACL configuration can be properly synchronized to the standby firewall. If yes, the automatic backup function is normal.
Step 3: Check the configurations on the standby firewall. GigabitEthernet1/0/2 has been assigned to the DMZ.
Step 4: On the active firewall, disable the automatic configuration backup function.
Step 5: On the standby firewall, delete GigabitEthernet1/0/2 from the DMZ and assign it to the Trust zone.
Step 6: On the active firewall, enable the automatic configuration backup function.

Root Cause

 Automatic configuration backup is disabled.
 The backup mechanism in hot standby deployment prevents configuration commands from being backed up.

Suggestions

By default, configurations of the active firewall, such as the zone, ACL, and attack defense configurations can be automatically backed up to the standby firewall. If redundant configurations exist on the standby firewall before hot standby is enabled, the configuration on the active firewall conflicts with that on the standby firewall. As a result, the automatic backup fails.

END