keepalive



  • Is there a way to adjust the keepalive time for a carp vip. I don't want it to fail over immediately in all cases.

    Alternatively is there a way to keep the entire firewall from failing over everything when you only loose one link for one of the network vips?


  • Netgate

    It sounds like you are confusing Multi-WAN with CARP/HA.

    You are going to have to be a lot more descriptive to get an answer, probably.



  • I don't think I'm confusing the two.

    I have several carp vips on a few different physical interfaces. When I want to physically unplug one of the links to say, reroute the cable, which sometimes takes a few seconds, I don't want the firewall to failover everything to the secondary immediately, which it seems to do.

    I know I can just remove the carp vip, move the cable, then re-add the vip. That would achieve what I want, however that seems tedious. As an alternative I was wondering if there was a way to adjust the keepalive/hello (or whatever it's called here) to say 10 seconds. That way the primary would fallover to the secondary after 10 seconds of seeing dead link.

    I hope that makes more sense.


  • Netgate

    Yeah, that's what it is supposed to do.

    I would set a maintenance window, put the primary in maintenance mode, do what you have to do, and remove it from maintenance mode.

    And I'd stop moving cables around.