05-09-2017 02:55 PM
Hi folks,
Preparing for my HA configuration this weekend. 🙂
I have a question about creating a Path monitoring group on the Passive device.
While I go through the procedures to configure HA on the Active device, I plan to set a Path monitoring group for our virtual router named SDTSS.
When I go through the same procedures on my Passive device (already reset to default, apply licensing, etc), I should not expect to see SDTSS as a selection in my Path monitor group creation, correct?
Would have to finish configuring and sync for created Virtual Router configs to come over to Passive device before I could configure a Path monitoring group for a virtual router (beyond default)?
Thanks
05-09-2017 07:10 PM - edited 05-09-2017 07:11 PM
Yeah until you have config syncronized over you don't have custom virtual router there in the list.
Few options.
Rename default router to SDTSS and prepare Path monitoring.
Configure Path monitoring in Web interface after HA is set up.
Identify config change when you configure Path Monitoring on active device, copy those set commands out and paste them into secondary device when HA is set up.
Way to get full config in set commands:
> set cli config-output-format set
> configure
# show
Edit: Definitely use at least 2 different destinations in Path Monitoring. If you don't want your firewalls to flap then don't expect that 8.8.8.8 gives you SLA and is always up 🙂
05-09-2017 07:10 PM - edited 05-09-2017 07:11 PM
Yeah until you have config syncronized over you don't have custom virtual router there in the list.
Few options.
Rename default router to SDTSS and prepare Path monitoring.
Configure Path monitoring in Web interface after HA is set up.
Identify config change when you configure Path Monitoring on active device, copy those set commands out and paste them into secondary device when HA is set up.
Way to get full config in set commands:
> set cli config-output-format set
> configure
# show
Edit: Definitely use at least 2 different destinations in Path Monitoring. If you don't want your firewalls to flap then don't expect that 8.8.8.8 gives you SLA and is always up 🙂
05-10-2017 07:33 AM
Thank you!
I will likely try for a successful sync first.
I wonder how much Link/Path monitoring matters on a Passive device if the other is set to Preemptive and should switch back to it when comes back online?
05-10-2017 09:29 AM
Passive will not do any path monitoring as it's interfaces are not enabled.
Passive uses same MAC addresses as active so it can't have interface up.
I suggest to set "Passive Link State" to auto. Default is Shut down.
Auto will bring passive firewall up faster as switch ports are already aware of device connected to those ports.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
