>
    SD-WAN Plugin 2.2.7-h5 or Later, 3.2.3-h2 or Later, and 3.3.3 or Later Versions
    Focus
    Download PDF
    Focus
    1. Home
    2. SD-WAN
    3. Convert SD-WAN enabled Standalone Panorama to Panorama HA
    4. SD-WAN Plugin 2.2.7-h5 or Later, 3.2.3-h2 or Later, and 3.3.3 or Later Versions
    Download PDF
    SD-WAN

    SD-WAN Plugin 2.2.7-h5 or Later, 3.2.3-h2 or Later, and 3.3.3 or Later Versions

    Table of Contents

    SD-WAN Plugin 2.2.7-h5 or Later, 3.2.3-h2 or Later, and 3.3.3 or Later Versions

    Workflow for converting a SD-WAN enabled Panorama management server to a Panorama HA peer for SD-WAN plugin 2.2.7-h5 or later, 3.2.3-h2 or later, and 3.3.3 or later versions.
    1. Configure the new Panorama management server.
      1. Install the same OS version as the primary active firewall.
      2. Configure the management IP address.
      3. Install all the required plugins, application version, and antivirus version same as the primary active firewall.
      4. Execute the commit force CLI command to commit the changes forcefully.
    2. Configure high availability (HA).
      1. On the standalone Panorama management server:
        1. Navigate to PanoramaHigh AvailabilitySetup and configure the IP address and serial number of the newly deployed Panorama.
        2. Navigate to PanoramaHigh AvailabilityElection Settings, enable Preemptive, set priority to primary and commit the changes.
      2. On the newly deployed Panorama management server.
        1. Navigate to PanoramaHigh AvailabilitySetup and configure the IP address and serial number of the standalone Panorama, which is already managing the network.
        2. Navigate to PanoramaHigh AvailabilityElection Settings, disable Preemptive, set priority to secondary and commit the changes.
      3. Once HA is committed, the new Panorama joins the HA cluster. Initially, the running configuration won’t be synchronized, and differences will appear in the HA dashboard.
      4. Address the configuration differences by ensuring the correct versions of applications, antivirus, SD-WAN plugins, and any other required plugins are installed.
    3. Configure the IP address for the newly deployed Panorama as the secondary IP address of Panorama in the Panorama settings (under device template of the devices managed by standalone Panorama) and commit the changes.
    4. Synchronize databases.
      1. Run the following synchronization command on the active Panorama HA peer:
        debug plugins sd_wan mongo-db sync-db-to-peer
        If the result shows sync-in-progress, restart the configd process using:
        debug software restart process configd
      2. Reconnect the active Panorama and run the synchronization command again. If successful, the active and passive Panorama MongoDB will be synchronized.
    5. Synchronize and Verify.
      1. Synchronize the running configuration from active Panorama to passive Panorama to apply all settings.
      2. Verify both active and passive Panorama details in the HA dashboard.
      3. Check the MongoDB status by running:
        debug plugins sd_wan mongo-db sync-status
      4. Perform a force commit on the passive Panorama to finalize the setup.
    6. Commit and push the changes from active Panorama to all the firewalls to configure the secondary Panorama IP address.

    © 2025 Palo Alto Networks, Inc. All rights reserved.

    "].join(""));l.close()}catch(m){b.src=a+'d.write("'+loaderHtml().replace(/"/g,String.fromCharCode(92)+'"')+'");d.close();'}b.contentWindow.config=k;b.contentWindow.SCRIPT_ID=g},0)}}}(); window.usabilla.load("w.usabilla.com", "2e03ec052d76"); /*]]>{/literal}*/
    OSZAR »