Troubleshoot Configuration Sync Failure

When forming a failover pair, the joining unit clears its running configuration and replicates the entire configuration from the active unit. Upon completing the full configuration sync, the joining unit assumes the standby ready role and establishes the failover pair. After the unit joins the failover pair, any configuration changes on the active unit are also replicated to the standby unit to keep both units synchronized.

If the standby unit fails to replicate any configuration change command, it reports a configuration sync failure and exits high availability by disabling failover. This section describes the steps for identifying and troubleshooting a configuration sync failure reported by the standby unit.

To view the configuration sync errors or stats, you can use the following CLI commands through an SSH session or the Threat Defense CLI:

  • show failover config-sync errors all to display all configuration synchronization errors related to failover.

  • show failover config-sync stats all to view statistics regarding failover configuration synchronization.

To re-enable high availability:

  • Re-enable failover by executing the failover reset command on the active unit.

  • If re-enabling failover is not successful, delete or update the configuration change that the standby unit failed to replicate, and then re-enable failover.