Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Failover

In active-passive HA, failover occurs when the primary device becomes unavailable and the auxiliary device starts processing all the traffic.

In active-active HA, failover occurs when either of the devices becomes unavailable. The peer device then starts processing all the traffic.

When the auxiliary device becomes the primary device after failover, its web admin console shows the primary device configuration.

Triggers for failover

  • Triggers


    • Missing heartbeat between the HA devices
    • A monitored port is unavailable
    • A device is unavailable

Missing Heartbeat

HA devices send heartbeat packets to each other over the dedicated HA link to communicate that they're available. These are Virtual Router Redundancy Protocol (VRRP) requests. By default, they send a heartbeat packet every 250 milliseconds. If a device doesn't receive 16 (default) consecutive packets, it considers the peer unavailable.

When an active device becomes unavailable, failover occurs. When either device (active or passive) becomes unavailable, the peer becomes a standalone device.

Monitored port

You can select physical interfaces to monitor when you configure HA. You can select more than one interface to monitor.

If even a single monitored port becomes unavailable, the device considers itself unavailable, and failover occurs.

Device is unavailable

An HA device can become unavailable for the following reasons:

  • Power loss
  • Hardware failure
  • Software failure

Session failover

When failover occurs, current sessions fail over to the peer device for some services and traffic types.

Traffic Session failover
Forwarded TCP traffic, including NAT
UDP, ICMP, broadcast, and multicast
VLAN
VPN

VPN tunnels: Route-based, policy-based, and remote access IPsec sessions are restored with seamless connection failover.

Traffic over IPsec VPN: In IPsec tunnels, HA session failover supports stateless protocols, such as UDP and ICMP, but doesn't support stateful protocols, such as TCP.

Web requests (HTTP and HTTPS)

Current web requests are dropped. The browser automatically retries the request. The current primary processes the request.

Failing back to primary device

When the device that's the Initial primary fails over to the auxiliary device and then becomes available again, it takes one of the following roles:

  • It remains the auxiliary.
  • It automatically becomes the primary again if you select Preferred primary device in its HA configuration.

If you select Preferred primary device in the primary device, the cluster behaves as follows:

  1. After the initial primary device becomes available, all its services start and synchronize themselves with the peer device that's functioning as a standalone device.
  2. The standalone device restarts.
  3. The initial primary becomes the current primary device again.
  4. The peer device becomes the auxiliary device.

Note

We recommend that you select the Preferred primary device setting. It helps you easily identify the device carrying the licenses in active-passive HA.

Here's an example.

Failback to primary device process.