Failover triggers and detection timing

Failover triggers and detection timing are high availability mechanisms that:

  • initiate automatic switchover when specific failure conditions occur on the active unit,

  • monitor system health through configurable detection thresholds and timing parameters, and

  • ensure service continuity by transferring control to the standby unit when failures exceed defined limits.

Failover triggering events and timing parameters

These events trigger failover in a Firepower high availability pair:

  • More than 50% of the Snort instances on the active unit are down.

  • Disk space on the active unit is more than 90% full.

  • The no failover active command is run on the active unit or the failover active command is run on the standby unit.

  • The active unit has more failed interfaces than the standby unit.

  • Interface failure on the active device exceeds the threshold configured.

    By default, failure of a single interface causes failover. You can change the default value by configuring a threshold for the number of interfaces or a percentage of monitored interfaces that must fail for the failover to occur. If the threshold is exceeded on the active device, failover occurs. If the threshold is exceeded on the standby device, the unit moves to Fail state.

    To change the default failover criteria, enter this command in global configuration mode:

    Interface policy command

    | Command | Purpose |
    | --- | --- |
    | failover interface-policy num [%] (example: hostname (config)# failover interface-policy 20%) | Changes the default failover criteria. When specifying a specific number of interfaces, the num argument can be from 1 to 250. When specifying a percentage of interfaces, the num argument can be from 1 to 100. |
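The interface-policy rule above is easy to misread at the boundary (is 2 failed interfaces out of 10 "20%" reached or not?), so here is an added worked example that is not Cisco code and not part of the original page: a small evaluator that parses the num [%] argument with the documented ranges, applies the count or percentage threshold to a unit's monitored interfaces, and returns the documented outcome (failover on the active unit, Fail state on the standby). Reading "must fail" as "at least that many" (a >= comparison) and the role names "active"/"standby" are assumptions made for this example.

```python
"""Evaluate the `failover interface-policy num [%]` threshold on one unit.

Added example, not Cisco code. Assumptions: the threshold is reached when at
least `num` interfaces (or at least `num` percent of monitored interfaces)
have failed, and roles are named "active" and "standby".
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class InterfacePolicy:
    value: int      # the num argument
    percent: bool   # True when the argument carried a trailing "%"


def parse_interface_policy(arg: str) -> InterfacePolicy:
    """Parse the num [%] argument; documented ranges are 1-250 (count) and 1-100 (percent)."""
    arg = arg.strip()
    percent = arg.endswith("%")
    digits = arg[:-1] if percent else arg
    if not digits.isdigit():
        raise ValueError(f"invalid interface-policy argument: {arg!r}")
    num = int(digits)
    upper = 100 if percent else 250
    if not 1 <= num <= upper:
        kind = "percent" if percent else "count"
        raise ValueError(f"num must be 1-{upper} for a {kind} policy, got {num}")
    return InterfacePolicy(num, percent)


# Default behaviour from the page: failure of a single interface causes failover.
DEFAULT_POLICY = parse_interface_policy("1")


def threshold_reached(policy: InterfacePolicy, monitored: int, failed: int) -> bool:
    """True when enough monitored interfaces have failed to satisfy the policy."""
    if monitored <= 0 or failed <= 0:
        return False
    if policy.percent:
        # Integer arithmetic keeps the boundary exact (2 of 10 is exactly 20%).
        return failed * 100 >= policy.value * monitored
    return failed >= policy.value


def unit_action(policy: InterfacePolicy, role: str, monitored: int, failed: int) -> str:
    """Documented outcome: 'failover' on the active unit, 'fail-state' on the standby, else 'none'."""
    if role not in ("active", "standby"):
        raise ValueError(f"unknown role {role!r}")
    if not threshold_reached(policy, monitored, failed):
        return "none"
    return "failover" if role == "active" else "fail-state"


def active_should_fail_over(policy: InterfacePolicy, monitored: int,
                            active_failed: int, standby_failed: int) -> bool:
    """Combine two listed triggers: the active unit's interface threshold, and
    'the active unit has more failed interfaces than the standby unit'."""
    return (unit_action(policy, "active", monitored, active_failed) == "failover"
            or active_failed > standby_failed)


if __name__ == "__main__":
    policy = parse_interface_policy("20%")
    for failed in range(0, 4):
        print(f"{failed} of 10 failed -> active: {unit_action(policy, 'active', 10, failed)}, "
              f"standby: {unit_action(policy, 'standby', 10, failed)}")
```

Running the block prints the outcome for 0 to 3 failed interfaces out of 10 under a 20% policy; the transition at 2 is where the integer comparison matters, since a floating-point 0.2 * 10 can land on either side of 2.0 depending on how it is computed.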

This table shows the failover triggering events and associated failure detection timing. If failover occurs, you can view the reason for the failover in the Message Center, along with various operations pertaining to the high availability pair. You can configure these thresholds to a value within the specified minimum-maximum range.

Firewall Threat Defense failover times

| Failover triggering event | Minimum | Default | Maximum |
| --- | --- | --- | --- |
| Active unit loses power, hardware goes down, or the software reloads or crashes. When any of these occur, the monitored interfaces or failover link do not receive any hello message. | 800 milliseconds | 15 seconds | 45 seconds |
| Active unit interface physical link down. | 500 milliseconds | 5 seconds | 15 seconds |
| Active unit interface up, but connection problem causes interface testing. | 5 seconds | 25 seconds | 75 seconds |
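To make the first row of the table concrete, here is an added example that is not Cisco code and not part of the original page: a hello-loss monitor that keeps the last hello timestamp per monitored link (failover link included), declares the peer failed only when every link has been silent for longer than the hold time, and rejects a hold time outside the documented 800 ms to 45 s range (default 15 s). The polling loop, the link names and the timestamps are constructed for the example; treating a single silent link as an interface problem rather than a peer failure is an assumption that follows the table's separate rows for interface events.

```python
"""Hello-loss detection for the failover link and monitored interfaces.

Added example, not Cisco code. Timestamps are integer milliseconds; the peer is
considered failed when no monitored link has seen a hello within the hold time.
"""
from __future__ import annotations

# Detection-time range for the "no hello message" trigger, from the table above.
HOLD_MIN_MS = 800
HOLD_DEFAULT_MS = 15_000
HOLD_MAX_MS = 45_000


def validate_hold_time_ms(hold_ms: int) -> int:
    """Reject a hold time outside the documented minimum-maximum range."""
    if not HOLD_MIN_MS <= hold_ms <= HOLD_MAX_MS:
        raise ValueError(f"hold time {hold_ms} ms outside {HOLD_MIN_MS}-{HOLD_MAX_MS} ms")
    return hold_ms


class HelloMonitor:
    def __init__(self, hold_ms: int = HOLD_DEFAULT_MS):
        self.hold_ms = validate_hold_time_ms(hold_ms)
        self.last_hello: dict[str, int] = {}   # link name -> last hello timestamp (ms)

    def hello(self, link: str, now_ms: int) -> None:
        self.last_hello[link] = now_ms

    def silent_links(self, now_ms: int) -> list[str]:
        """Links whose silence has exceeded the hold time (candidates for interface testing)."""
        return sorted(link for link, t in self.last_hello.items() if now_ms - t > self.hold_ms)

    def peer_failed(self, now_ms: int) -> bool:
        """Failover trigger: every monitored link, failover link included, is silent."""
        return bool(self.last_hello) and len(self.silent_links(now_ms)) == len(self.last_hello)


def detect_loss(hellos: list[tuple[int, str]], poll_until_ms: int,
                poll_ms: int = 1000, hold_ms: int = HOLD_DEFAULT_MS) -> int | None:
    """Replay timestamped hellos, polling every poll_ms; return the first poll time
    at which the peer is declared failed, or None if it never is."""
    monitor = HelloMonitor(hold_ms)
    pending = sorted(hellos)
    idx = 0
    for now in range(0, poll_until_ms + 1, poll_ms):
        while idx < len(pending) and pending[idx][0] <= now:
            monitor.hello(pending[idx][1], pending[idx][0])
            idx += 1
        if monitor.peer_failed(now):
            return now
    return None


# Constructed sample: hellos every second on both links, then the peer goes quiet after t=5 s.
CONSTRUCTED_HELLOS = [(t, link) for t in range(0, 5001, 1000)
                      for link in ("failover-link", "inside")]

# Constructed sample: only the failover link goes quiet; "inside" keeps hellos until t=30 s.
CONSTRUCTED_PARTIAL = CONSTRUCTED_HELLOS + [(t, "inside") for t in range(6000, 30001, 1000)]


if __name__ == "__main__":
    print("default hold:", detect_loss(CONSTRUCTED_HELLOS, 60_000))
    print("minimum hold:", detect_loss(CONSTRUCTED_HELLOS, 60_000, hold_ms=HOLD_MIN_MS))
    print("partial loss:", detect_loss(CONSTRUCTED_PARTIAL, 60_000))
```

With the default 15 s hold time the total outage starting at t=5 s is detected at the first poll after 20 s, and with the 800 ms minimum it is caught at the 6 s poll; the partial-loss timeline only produces a peer failure once the last surviving link has also been silent past the hold time, which is what keeps a single flapping interface from being mistaken for a dead peer.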