Hot!Policy Push to Multiple Firewalls

New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/08/13 12:54:30
  • Status: offline
2019/08/13 13:06:33 (permalink)

Policy Push to Multiple Firewalls

I have a question.   I have a cluster of firewalls (4) that should all get the same Policy during an install of it.  However, there are times when I will see one or two of the systems in the cluster come back and state 'there are no commands to send' but the rest are fine.  There are other times that all four get the policy, as it should, each time it gets installed.  Can anyone tell me why this is?  Why will it send any changes made to the policy to all of the systems one time and at other times one or two of them are 'exempted' (for lack of a better term)?  Also, once the policy is installed any subsequent pushes that would include the exempted system(s) from before do NOT get the changes later so the policies are not exact (in case of failover).
Thank you for any response -  

1 Reply Related Threads

    Silver Member
    • Total Posts : 101
    • Scores: 1
    • Reward points: 0
    • Joined: 2019/07/11 12:54:18
    • Location: Athens
    • Status: offline
    Re: Policy Push to Multiple Firewalls 2019/08/13 13:44:28 (permalink)
    At the HA configuration, the best is to get the lowest serial number firewall as the active. Then try to cancel any ha configuration you have. Keep only one fgt working. Then factory default the rest 3 fgts. When you are done re-configure the HA. If you do it in the right way then all your firewalls should have the same exact config. Also how did you connect the heartbeat interfaces on each fgt?
    Jump to:
    © 2019 APG vNext Commercial Version 5.5