The subnet that is used for the local and peer IP should not be used anywhere else on the virtual router.

The OS and Content Release versions should be the same on each firewall. A mismatch can prevent peer firewalls from synchronizing.

The LEDs are green on the HA ports for the active firewall and amber on the passive firewall.

To compare the configuration of the local and peer firewalls, tool on the by selecting the desired local configuration in the left selection box and the peer configuration in the right selection box.

Synchronize the firewalls from the web interface by clicking in the HA widget on the The configuration on the firewall from which you push the configuration overwrites the configuration on the peer firewall. To synchronize the firewalls from the CLI on the active firewall, use the command request high-availability sync-to-remote running-config.

In a High Availability (HA) active/passive configuration with firewalls that use 10 gigabit SFP+ ports, when a failover occurs and the active firewall changes to a passive state, the 10 gigabit Ethernet port is taken down and then brought back up to refresh the port, but it does not enable transmit until the firewall becomes active again. If you have monitoring software on the neighboring device, it will see the port as flapping because it is going down and then up again. This behavior differs from that of other ports, such as the 1 gigabit Ethernet port, which is disabled and still allows transmit, so flapping is not detected by the neighboring device.