keepalive
-
Is there a way to adjust the keepalive time for a carp vip. I don't want it to fail over immediately in all cases.
Alternatively is there a way to keep the entire firewall from failing over everything when you only loose one link for one of the network vips?
-
It sounds like you are confusing Multi-WAN with CARP/HA.
You are going to have to be a lot more descriptive to get an answer, probably.
-
I don't think I'm confusing the two.
I have several carp vips on a few different physical interfaces. When I want to physically unplug one of the links to say, reroute the cable, which sometimes takes a few seconds, I don't want the firewall to failover everything to the secondary immediately, which it seems to do.
I know I can just remove the carp vip, move the cable, then re-add the vip. That would achieve what I want, however that seems tedious. As an alternative I was wondering if there was a way to adjust the keepalive/hello (or whatever it's called here) to say 10 seconds. That way the primary would fallover to the secondary after 10 seconds of seeing dead link.
I hope that makes more sense.
-
Yeah, that's what it is supposed to do.
I would set a maintenance window, put the primary in maintenance mode, do what you have to do, and remove it from maintenance mode.
And I'd stop moving cables around.
