lanmanjs
New Member
August 13, 2019
Question

Policy Push to Multiple Firewalls


I have a question. I have a cluster of firewalls (4) that should all get the same policy during an install of it. However, there are times when I will see one or two of the systems in the cluster come back and state 'there are no commands to send' but the rest are fine. There are other times that all four get the policy, as they should, each time it gets installed. Can anyone tell me why this is? Why will it send any changes made to the policy to all of the systems one time and at other times one or two of them are 'exempted' (for lack of a better term)? Also, once the policy is installed, any subsequent pushes that would include the exempted system(s) from before do NOT get the changes later, so the policies are not exact (in case of failover).

 

Thank you for any response -  

    1 reply

    orani
    New Member
    August 13, 2019

    In the HA configuration, it is best to have the firewall with the lowest serial number as the active one. Then try to cancel any HA configuration you have. Keep only one FGT working. Then factory default the other 3 FGTs. When you are done, reconfigure the HA. If you do it the right way, then all your firewalls should have the exact same config. Also, how did you connect the heartbeat interfaces on each FGT?