HA failover time

Reply
Not applicable

HA failover time

Hello,

How many time does failover take in seconds (when it happen)?, I have an Active/Passive deployment and I hope to use 5050 platform

Tags (2)
L5 Sessionator

Re: HA failover time

Hello,

Failover can depend on a lot of factors please refer these docs:-

https://live.paloaltonetworks.com/docs/DOC-2034

https://live.paloaltonetworks.com/docs/DOC-1094

Thank you.

Subijith Raghunandan.

L5 Sessionator

Re: HA failover time

Also please refer this doc which talks about configuration :-

https://live.paloaltonetworks.com/docs/DOC-2926

L3 Networker

Re: HA failover time

The Hello Interval is the time interval between heartbeat packets that are sent to verify that the opposing firewall is operational. The minimum value for hello interval is 1000 milliseconds (1 second) on the PA-4000 series, and 8000 milliseconds on the PA-2000 series. Setting the value to the minimum is recommended to achieve optimal failover times. When there is a loss of 3 hello messages the adjacent firewall is declared to be down and the passive device will become active


See https://live.paloaltonetworks.com/docs/DOC-1094 which was recommended in an earlier post.

L1 Bithead

Re: HA failover time

Don't they mean the HEARTBEAT interval parameter? Because the minimum value for HELLO on PA-5020 is 8000ms, I can't imaging having to wait for 3x 8000ms before a failover takes place?

If not, what is the purpose of the HEARTBEAT interval parameter?

Also, is the 3 times retry value configurable?

Highlighted
L5 Sessionator

Re: HA failover time

Hello interval is used to determine if the ha_agent process on the peer device is up and running whereas the heartbeat interval will determine if the peer is up and running. So increasing the value of hello interval should not effect the failover times unless ha_agent hangs.

L4 Transporter

Re: HA failover time

Heatbeat Interval(1s mini on PA 5000 4000 3000 and 2s minimum on the other) is different as hello interval (8s mini) and a failover base on hello intervall is rare

and you need to wait 3x heartbeat intervalle to triggred a failover.

plus you need to considered the promote hold time with a minimum of 500ms.

brief as minimum if you triggered a failover you need to wait 3,5s before retrived something working

any comment?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!