Whether the subcard interface can serve as the heartbeat interface

12

Yes. Subcard interfaces can also serve as heartbeat interfaces and support backing up policies, sessions, and table entries.

Other related questions:
Whether the heartbeat interfaces of the firewall must be directly connected
It depends. The heartbeat interface can be directly connected or connected through an intermediate device, such as a switch or router. Direct connection is recommended. When the heartbeat interface is connected through an intermediate device, you need to configure the remote parameter to specify the peer heartbeat interface IP address. This is because: If you do not configure the remote parameter, the heartbeat packet sent from the NGFW is encapsulated with VRRP. VRRP packets are multicast packets, and certain switches and routers send packets of this type to themselves for processing, occupying their CPU resources. Heartbeat packets on the NGFW increase as services increase, overloading the switch and router CPUs and affecting their processing of other multicast packets (such as OSPF packets). The restrictions of the switch and router on VRRP packets also cause NGFW heartbeat packets to be discarded, causing the NGFW status to be unstable. After you configure the remote parameter, the NGFW encapsulates heartbeat packets into UDP packets. The switch and router do not send UDP packets to themselves for processing. Therefore, the switch and router performance and network services are not affected.

Must the heartbeat interfaces be directly connected
No. The heartbeat interfaces can be connected either directly or through intermediate devices, such as switches or routers. Directly connection between the heartbeat interfaces is recommended.

Configuring the firewall to use Layer 2 interfaces as heartbeat interfaces
If you want to use a Layer 2 interface as the heartbeat interface, you need to add it to the VLAN, create the VLANIF interface, and configure the IP address of the VLANIF interface. Then use the VLANIF interface as the heartbeat interface and set the remote parameter to specify the heartbeat interface IP address of the peer device.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top