General discussion
HA Condition - Link Monitor Recovery - Time to retake Active Link Monitor role
Hello Community, how is everything going, I hope it's going well.
I have the following questions regarding HA.
Details of the environment.
Active - Passive A/P
Main - PA-52XX-01-HA - Priority 50
Secondary - PA-52XX-02-HA - Priority 100
Preemtive active
Link State Passive - Auto
Link monitor interfaces eth1/1 - eth1/2 - eth1/3 - eth1/4 - in VWIRE mode ( If "any" fails apply failover ).
We understand that when there is a restart of the PA-01 firewall, priority 50, the role is assumed by the PA-02, after the main firewall restarts, because of the preemtive value, it waits for 1 minute and takes control again.
Now I have the following doubt, I will describe the specific situation:
PA-01 active, two interfaces fail - PA-02 assumes active role ---- Operates a few minutes on Secondary PA-02 with active role all good. It recovers from the failure condition of the two interfaces. How long does it take to assume the role again, once it has recovered from the failure condition? I understand it is immediately under the Promotion Hold Time (ms) timer 2000/500 ms.
Now if it is 1 minute, is it possible to recover the role immediately, when it comes back and the Link Monitor failure condition is restored ??
Detail Doc PA Timers:
Promotion Hold Time (ms)
Time that the passive firewall (in active/passive mode) or the active-secondary firewall (in active/active mode) will wait before taking over as the active or active-primary firewall after communications with the HA peer have been lost. This hold time will begin only after the peer failure declaration has been made.
2000/500.
Preemption Hold Time (min)
Time that a passive or active-secondary firewall will wait before taking over as the active or active-primary firewall.
1/1
Thank you very much for your kindness, cooperation and your time.
I remain attentive
Best regards