Why does not the original active firewall preempt after recovery


Possible causes are as follows:
-The preemption function is disabled.
-The preemption conditions are not met. The original active firewall does not immediately preempt after recovery. Instead, it waits for a delay before the preemption. The preemption delay is set to avoid unstable active/standby switchover.

Other related questions:
Problem and solution when the original active firewall does not preempt the active role after recovery
Possible causes are as follows: The preemption function is disabled. The preemption hold-on timer has not expired. The original active firewall does not perform preemption immediately after recovery. Setting preemption hold-on prevents repeated switchover resulting from unstable active firewall status.

Why does the active firewall require a longer preemption delay than that on the standby firewall
Preemption starts after the original active firewall recovers. If the preemption delay of the active firewall is too shorter than that on the standby firewall, the active firewall may switch status before the session entries on the standby firewall are completely synchronized to the active firewall. As a result, some services may be interrupted. Therefore, the active firewall requires a longer preemption delay. Preemption does not start after the standby firewall recovers. Therefore, preemption delay is meaningless for the standby firewall and you can use the default preemption delay.

Why are services interrupted after the original active firewall preempts
Services are normal after the active/standby switchover, but services are interrupted after the active firewall preempts. The possible cause is that the network has not converged or sessions are not completely backed up. Besides, if a switch fails, its interfaces may go up and down repeatedly when the switch restarts. If the firewall preempts during the process, services may be interrupted. In this case, adjust the preemption delay of the original active firewall.

Why are the sessions of the current active firewall marked with remote after active/standby switchover
The sessions marked with remote are synchronized from the original active firewall. After active/standby switchover, the synchronized sessions are still marked with remote until the sessions age out.

Why are not commands executed on the active firewall synchronized to the standby firewall
If you disable the automatic configuration synchronization function, the configurations are not synchronized. Besides, not all commands can be synchronized. For example, interface and routing configurations cannot be synchronized. For commands that can be synchronized, see Specifications.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top