- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
04-26-2021 02:59 AM
I have setup two PA850 in a active passive pair. I am simulating failover manually, when I disconnect the cable, I see around 8 packet drops. Is there any specific settings to reduce the delay. 4 packet drops are acceptable. I have bundled interfaces on the firewall.
04-26-2021 03:03 AM - edited 04-26-2021 03:05 AM
Try first with the aggresive failover profile and if needed play with the advanced settings (Monitor Fail Hold Up Time (ms)):
Also if you want better failover because or routing path monitoring see BFD:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/bfd/configure-bfd.html
04-27-2021 06:04 AM
you can optimize your failure detection by setting more aggressive timers in device > high availability > general > election settings and setting the HA Timer Settings to 'aggressive'
If you did not do so, configure your aggregate interfaces for LACP and also enable LACP in HA passive state (you'll need to change the passive link state to 'auto' in device > high availability)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!