Unit health monitoring

Unit health monitoring is a failover mechanism that

  • determines the health of peer units by monitoring the failover link with hello messages

  • sends LANTEST messages on each data interface when three consecutive hello messages are missed, and

  • initiates appropriate failover actions based on peer unit responsiveness.

Unit health monitoring behavior

The Firewall Threat Defense device determines the health of the other unit by monitoring the failover link with hello messages. If a unit does not receive three consecutive hello messages on the failover link, the unit sends LANTEST messages on each data interface, including the failover link, to validate whether the peer is responsive. The action that the Firewall Threat Defense device takes depends on the response from the other unit. These are the possible actions:

  • If the Firewall Threat Defense device receives a response on the failover link, then it does not fail over.

  • If the Firewall Threat Defense device does not receive a response on the failover link, but it does receive a response on a data interface, then the unit does not fail over. The failover link is marked as failed. You should restore the failover link as soon as possible because the unit cannot fail over to the standby while the failover link is down.

  • If the Firewall Threat Defense device does not receive a response on any interface, then the standby unit switches to active mode and classifies the other unit as failed.
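The decision logic described above, modelled as an added Python example (not vendor code, and not how the device is implemented). The interface names, the hello timeline, and restarting the miss count after a probe are assumptions made for illustration.

```python
from enum import Enum

HELLO_MISS_THRESHOLD = 3  # the page: three consecutive missed hellos trigger LANTEST


class Action(Enum):
    NO_FAILOVER = "peer answered on failover link; no failover"
    LINK_FAILED = "peer answered on a data interface; no failover, failover link marked failed"
    PEER_FAILED = "no answer on any interface; standby becomes active, peer marked failed"


def evaluate_lantest(responses, failover_link):
    """Map LANTEST results (interface name -> peer answered?) to the page's three outcomes."""
    if failover_link not in responses:
        raise ValueError("LANTEST results must include the failover link")
    if responses[failover_link]:
        return Action.NO_FAILOVER
    if any(ok for name, ok in responses.items() if name != failover_link):
        return Action.LINK_FAILED
    return Action.PEER_FAILED


def monitor(hello_results, lantest_probe, failover_link):
    """Walk per-interval hello results; run the probe on the third consecutive miss.

    Returns a list of (interval_index, Action). Restarting the miss count after
    a probe is a modelling assumption, not documented device behaviour.
    """
    decisions, missed = [], 0
    for i, received in enumerate(hello_results):
        missed = 0 if received else missed + 1
        if missed == HELLO_MISS_THRESHOLD:
            decisions.append((i, evaluate_lantest(lantest_probe(), failover_link)))
            missed = 0
    return decisions


# Constructed sample: interface names and the hello timeline are made up.
SAMPLE_HELLOS = [True, False, False, True, False, False, False, True]
SAMPLE_LANTEST = {"failover": False, "inside": True, "outside": False}

if __name__ == "__main__":
    for interval, action in monitor(SAMPLE_HELLOS, lambda: SAMPLE_LANTEST, "failover"):
        print(f"interval {interval}: {action.value}")
```

In the sample, the two misses at intervals 1 and 2 are cleared by the hello at interval 3, so only the run ending at interval 6 triggers a probe, and the data-interface reply keeps the unit from failing over while flagging the failover link.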

Note

During a high-availability failover event, the Firewall Threat Defense device may briefly appear as Offline in the device's health monitoring dashboard. This happens because health alerts are cleared during the process and are only updated after the process is complete. Wait for the failover operation to finish.