Device Priority and Preemption
The firewalls in an Active-Passive HA pair can be assigned
a
device priority value to indicate a preference for
which firewall should assume the active role. If you need to use
a specific firewall in the HA pair for actively securing traffic,
you must enable the preemptive behavior on both the firewalls and
assign a device priority value for each firewall. The firewall with
the lower numerical value, and therefore
higher priority,
is designated as active. The other firewall is the passive firewall.
The same is true for an Active-Active HA pair; however, the
device
ID is used to assign a device priority value. Similarly,
the lower numerical value in device ID corresponds to a higher priority.
The firewall with the higher priority becomes active-primary and
the paired firewall becomes active-secondary.
By default, preemption is disabled on the firewalls and must
be enabled on both firewalls. When enabled, the preemptive behavior
allows the firewall with the
higher priority (lower
numerical value) to resume as active or active-primary after it
recovers from a failure. When preemption occurs, the event is logged
in the system logs.