Tuning Panorama HA Timers to Stop False HA1 Alerts over MPLS

Hello Community,

I’m looking for some advice on tweaking our Panorama HA timers. We are seeing "false" failover alerts and want to ensure our plan to fix them is balanced correctly.

Setup:
Two Panoramas in an Active/Passive HA pair located in different Data Centers.
Communication is over a WAN MPLS link.
These manage two sets of firewalls (one set at each site); both Panoramas can push policies to all firewalls.

Issue
Every 15 to 20 days, we get a sequence of HA alerts, though a full failover hasn't occurred yet. Support confirmed we are missing about 4 heartbeats due to transient jitter on our MPLS.

The Alerts we receive (in order):
Primary Panorama: HA1 connection down.
Secondary Panorama: HA1 connection down.
Secondary Panorama: "HA peer determined to be Active through managed devices; staying in Passive state."

Even though it stays Passive, these alerts generate concern internally. We are currently using the standard "Recommended" timer settings, which seem a bit aggressive for our WAN. We want to move to Advanced settings to tweak the timers and stop these false alarms while maintaining a safe response time for a real failure.

Planned Changes:
Under Setup:
Monitor Hold Time: Increase from 3000ms to 8000ms or 10000ms. 

Under HA Advanced Settings:
Heartbeat Interval: Increase from 2000ms to 4000ms.
Hello Interval: Increase from 8000ms to 12000ms.
Additional Master Hold Up Time: Increase from 7000ms to 10000ms. 
Preemption Hold Time: Increase from 1 min to 2 min (or leave at 1 min?).

Under Path Monitoring:
Path Monitoring: Currently enabled with Failure Condition: Any. Should we Disable this entirely since we do not have any Path Groups or IPs defined or is it fine to leave it enabled?