Configuring the monitoring port for hot standby on the firewall

15

VGMP groups can detect interface or device faults. Interface or device faults decrease the priority values of VGMP groups, which changes the active/standby status of the VGMP groups and the active/standby status of devices.
Each time an interface monitored by a VGMP group fails, the priority of the VGMP group decreases by 2. The priority of a VGMP group is calculated using this formula: Priority of a VGMP group = Default priority of the VGMP group - 2 x N (N indicates the number of interface faults).
The VGMP group can detect interface faults in the following ways:
1. Use a VRRP group to monitor interfaces. This method applies when the service interfaces of each device work at Layer 3 and are directly connected to switches. The devices use static routes to communicate with the routers or PCs directly connected to the switches. For the configuration method, see the examples in the product documentation: active/standby networking in which the service interfaces of each NGFW work at Layer 3 and directly connect to switches; load balancing networking in which the service interfaces of each NGFW work at Layer 3 and directly connect to switches.
2. Directly monitor interfaces. This method applies when the service interfaces of each NGFW work at Layer 3 and are directly connected to routers. The NGFWs and routers run OSPF. For the configuration method, see the examples in the product documentation: active/standby networking in which the service interfaces of each NGFW work at Layer 3 and directly connect to routers; load balancing networking in which the service interfaces of each NGFW work at Layer 3 and directly connect to routers.
3. Monitor the VLAN to which the service interfaces of each NGFW belong. This method applies when the service interfaces of each NGFW work at Layer 2. For the configuration method, see the examples in the product documentation: load balancing networking in which the service interfaces of each NGFW work at Layer 2 and are directly connected to routers

Other related questions:
Whether the standby firewall forwards traffic in hot standby deployment
The standby device does not forward service traffic. However, the device properly forwards traffic sent to it, such as the ICMP packet for pinging the device interface IP address. Therefore, you can view traffic on the standby device.

Whether virtual firewalls support hot standby
Yes.

Whether the firewall supports the hot standby feature
USGs of all models support hot standby.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top