HA Timers
Focus
Focus

HA Timers

Table of Contents

HA Timers

High availability (HA) timers facilitate a firewall to detect a firewall failure and trigger a failover. To reduce the complexity in configuring HA timers, you can select from three profiles:
Recommended
,
Aggressive
and
Advanced
. These profiles auto-populate the optimum HA timer values for the specific firewall platform to enable a speedier HA deployment.
Use the
Recommended
profile for typical failover timer settings and the
Aggressive
profile for faster failover timer settings. The
Advanced
profile allows you to customize the timer values to suit your network requirements.
The following table describes each timer included in the profiles and the current preset values (Recommended/Aggressive) across the different hardware models; these values are for current reference only and can change in a subsequent release.
Timers
Description
PA-7000 Series
PA-5200 Series
PA-3200 Series
PA-800 Series
PA-220
VM-Series
Panorama Virtual Appliance
Panorama M-Series
Monitor Fail Hold Up Time (ms)
Interval during which the firewall will remain active following a path monitor or link monitor failure. This setting is recommended to avoid an HA failover due to the occasional flapping of neighboring devices.
0/0
0/0
0/0
Preemption Hold Time (min)
Time that a passive or active-secondary firewall will wait before taking over as the active or active-primary firewall.
1/1
1/1
1/1
Heartbeat Interval (ms)
Frequency at which the HA peers exchange heartbeat messages in the form of an ICMP (ping).
1000/1000
2000/1000
2000/1000
Promotion Hold Time (ms)
Time that the passive firewall (in active/passive mode) or the active-secondary firewall (in active/active mode) will wait before taking over as the active or active-primary firewall after communications with the HA peer have been lost. This hold time will begin only after the peer failure declaration has been made.
2000/500
2000/500
2000/500
Additional Master Hold Up Time (ms)
Time interval that is applied to the same event as Monitor Fail Hold Up Time (range 0-60000 ms, default 500 ms). The additional time interval is applied only to the active firewall in active/passive mode and to the active-primary firewall in active/active mode. This timer is recommended to avoid a failover when both firewalls experience the same link/path monitor failure simultaneously.
500/500
500/500
7000/5000
Hello Interval (ms)
Interval in milliseconds between hello packets that are sent to verify that the HA functionality on the other firewall is operational. The range is 8000-60000 ms with a default of 8000 ms for all platforms.
8000/8000
8000/8000
8000/8000
Maximum No. of Flaps
A flap is counted when one of the following occurs:
  • A preemption-enabled firewall leaves the active state within 20 minutes after becoming active.
  • A link or path fails to stay up for 10 minutes after becoming functional.
In the case of a failed preemption or non-functional loop, this value indicates the maximum number of flaps that are permitted before the firewall is suspended (range 0-16; default 3).
3/3
3/3
Not Applicable

Recommended For You