HA failover time


Not applicable

Hello,

How much time does failover take, in seconds (when it happens)? I have an Active/Passive deployment and I hope to use the 5050 platform.


L5 Sessionator

Hello,

Failover can depend on a lot of factors; please refer to these docs:

https://live.paloaltonetworks.com/docs/DOC-2034

https://live.paloaltonetworks.com/docs/DOC-1094

Thank you.

Subijith Raghunandan.

L5 Sessionator

Also, please refer to this doc, which talks about configuration:

https://live.paloaltonetworks.com/docs/DOC-2926

L3 Networker

The Hello Interval is the time interval between heartbeat packets that are sent to verify that the opposing firewall is operational. The minimum value for hello interval is 1000 milliseconds (1 second) on the PA-4000 series, and 8000 milliseconds on the PA-2000 series. Setting the value to the minimum is recommended to achieve optimal failover times. When there is a loss of 3 hello messages, the adjacent firewall is declared to be down and the passive device will become active.


See https://live.paloaltonetworks.com/docs/DOC-1094 which was recommended in an earlier post.

Don't they mean the HEARTBEAT interval parameter? Because the minimum value for HELLO on PA-5020 is 8000ms, I can't imagine having to wait for 3x 8000ms before a failover takes place?

If not, what is the purpose of the HEARTBEAT interval parameter?

Also, is the 3 times retry value configurable?

Hello interval is used to determine if the ha_agent process on the peer device is up and running, whereas the heartbeat interval will determine if the peer is up and running. So increasing the value of hello interval should not affect the failover times unless ha_agent hangs.

The heartbeat interval (1s minimum on PA 5000, 4000, 3000 and 2s minimum on the others) is different from the hello interval (8s minimum), and a failover based on the hello interval is rare,

and you need to wait 3x the heartbeat interval to trigger a failover.

Plus, you need to consider the promote hold time, with a minimum of 500ms.

In brief, at minimum, if you trigger a failover you need to wait 3.5s before you get something working again.

Any comment?
