Swapping the roles of Firewalls in HA Pair

Showing results for 
Search instead for 
Did you mean: 

Swapping the roles of Firewalls in HA Pair

L2 Linker

Hi Guys


I want to swap the Active/passive roles of the Firewalls in HA pair and let it run for couple of weeks.

I know that can be done by 'suspending the role' from GUI and from CLI too.

want to be careful about pre-emption and donot want to break the HA pair.

Does suspending teh device on active  means forcing the device to be passive plus taking it off from HA pair?

any tips that needs to be taken care of?




L4 Transporter

Disable pre-empt on both, suspend the local active, done.


I don't have pre-empt on anymore as I would rather failover and run on the other device until I decide the time is right to switch back.



L5 Sessionator

Suspending device means making it non-functional. So yes in a way it's like taking it out of a cluster as it won't take active role again even if the other shuts down.

So you want to make it functional again asap. Pre-emptive will control how cluster behaves when primary device returns.

@RobinClayton wrote:

Disable pre-empt on both, suspend the local active, done. 

That breaks the HA config leaving you running on only a single firewall. You forgot the last step, un-suspend the now passive box, in order to re-add it to the HA pair.  🙂


1.  Make sure pre-empt is disabled on the active firewall and the passive firewall.

2.  Suspend the active firewall, thus forcing a fail-over event, switching the roles of the two firewalls.

3.  Re-enable the (now) passive firewall, to re-add it to the HA pair.




Yeah, I only ever realy suspend when patching so the suspended unit gets rebooted and becomes active anyway.




Thank you. I am talking in terms of upgrading the firewalls in HA pair. As my passive firewall doesn;t use service enroute interface as management interface, it is unable to download the software.

So I have to dis-able and re-enable pre-emp after or before every reboot?


Preemption controls what happens when higher priority device returns from down/non-functional state to functional, nothing else.

If it's on, higher priority device becomes active when it returns from down/non-functional state

If it's off, higher priority device becomes passive  when it returns from down/non-functional state


Decide how you want your cluster to behave, then control it with preemption.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!