|
Answer» A failover is the event in which one firewall fails and its peer takes over the role of safeguarding traffic. For example, a failover is initiated when a monitored metric on a firewall in the HA pair fails. The conditions that trigger a failover are as follows:
- Hello messages and heartbeat polling:
- Hello messages and heartbeats are used by the firewalls to ensure that the peer firewall is responsive and working. To validate the state of the firewall, hello messages are delivered from one peer to the other at the configured Hello Interval.
- The heartbeat is an ICMP ping over the control link to the HA peer, to which the peer responds to confirm that the firewalls are connected and responding. The heartbeat interval is 1000 milliseconds by default. A ping is issued every 1000 milliseconds, and if three consecutive heartbeat losses occur, a failover happens.
- Link monitoring:
- The monitored physical interfaces are organised into a link group, and their status (link up or link down) is tracked. A link group can contain one or more physical interfaces. When any or all of the interfaces in a group fail, a firewall failure occurs. The default behaviour is that if any link in the link group fails, the firewall will set the HA state to non-functional (or tentative in active/active mode) to signify a monitored object failure.
- Path monitoring:
- Path monitoring keeps track of the whole network path to mission-critical IP addresses. ICMP pings are used to check whether an IP address is reachable. The ping interval is 200 ms by default. When 10 consecutive pings (the default value) fail, an IP address is declared unreachable, and a firewall failure occurs when any or all of the monitored IP addresses become unreachable. The default behaviour is that if any of the IP addresses becomes unreachable, the firewall will set the HA state to non-functional (or tentative in active/active mode) to signify a monitored object failure.
- In addition to the triggers above, a failover happens when the administrator suspends the firewall or when preemption occurs.
|
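The following Python model is an added example, not part of the original answer and not vendor code. It applies the consecutive-loss counters and the any/all failure condition described above to constructed probe results, using the default values quoted in the answer. The function names, interface names and IP addresses are assumptions made for the illustration, and the elapsed-time figure assumes one probe per interval with no extra timeout.

```python
# Defaults quoted in the answer above.
HEARTBEAT_INTERVAL_MS = 1000
HEARTBEAT_LOSS_LIMIT = 3
PATH_PING_FAIL_LIMIT = 10


def first_trigger_index(results, limit):
    """Index of the probe that completes `limit` consecutive losses, else None."""
    run = 0
    for i, ok in enumerate(results):
        run = 0 if ok else run + 1  # any success resets the counter
        if run >= limit:
            return i
    return None


def group_failed(member_failed, condition="any"):
    """Failure condition for a link or path group: 'any' (default) or 'all'."""
    if condition not in ("any", "all"):
        raise ValueError("condition must be 'any' or 'all'")
    members = list(member_failed)
    if not members:  # nothing monitored, nothing can fail
        return False
    return any(members) if condition == "any" else all(members)


def evaluate(heartbeats, links_up, path_pings, condition="any"):
    """Return the failover triggers that fire for the given probe history."""
    reasons = []
    hb = first_trigger_index(heartbeats, HEARTBEAT_LOSS_LIMIT)
    if hb is not None:
        # Simplified timing: probes elapsed times the heartbeat interval.
        reasons.append(("heartbeat", (hb + 1) * HEARTBEAT_INTERVAL_MS))
    down = sorted(name for name, up in links_up.items() if not up)
    if group_failed((not up for up in links_up.values()), condition):
        reasons.append(("link-monitoring", down))
    lost = {ip: first_trigger_index(p, PATH_PING_FAIL_LIMIT) is not None
            for ip, p in path_pings.items()}
    if group_failed(lost.values(), condition):
        reasons.append(("path-monitoring", sorted(ip for ip, f in lost.items() if f)))
    return reasons


# Constructed sample data (documentation IP ranges, made-up interface names).
SAMPLE_HEARTBEATS = [True, False, False, True, False, False, False]
SAMPLE_LINKS = {"ethernet1/1": True, "ethernet1/2": False}
SAMPLE_PATHS = {"192.0.2.1": [True] * 3 + [False] * 10,
                "198.51.100.1": [True] * 13}

if __name__ == "__main__":
    for cond in ("any", "all"):
        print(cond, evaluate(SAMPLE_HEARTBEATS, SAMPLE_LINKS, SAMPLE_PATHS, cond))
```

In the sample, the two early heartbeat losses do not count toward the trigger because the reply in between resets the run, and switching the failure condition from "any" to "all" leaves only the heartbeat trigger.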