The Hello Interval is the time interval between heartbeat packets that are sent to verify that the opposing firewall is operational. The minimum value for hello interval is 1000 milliseconds (1 second) on the PA-4000 series, and 8000 milliseconds on the PA-2000 series. Setting the value to the minimum is recommended to achieve optimal failover times. When there is a loss of 3 hello messages the adjacent firewall is declared to be down and the passive device will become active
See https://live.paloaltonetworks.com/docs/DOC-1094 which was recommended in an earlier post.
Don't they mean the HEARTBEAT interval parameter? Because the minimum value for HELLO on PA-5020 is 8000ms, I can't imaging having to wait for 3x 8000ms before a failover takes place?
If not, what is the purpose of the HEARTBEAT interval parameter?
Also, is the 3 times retry value configurable?
Hello interval is used to determine if the ha_agent process on the peer device is up and running whereas the heartbeat interval will determine if the peer is up and running. So increasing the value of hello interval should not effect the failover times unless ha_agent hangs.
Heatbeat Interval(1s mini on PA 5000 4000 3000 and 2s minimum on the other) is different as hello interval (8s mini) and a failover base on hello intervall is rare
and you need to wait 3x heartbeat intervalle to triggred a failover.
plus you need to considered the promote hold time with a minimum of 500ms.
brief as minimum if you triggered a failover you need to wait 3,5s before retrived something working
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!