FAQ-Is Security Policy Required to Permit Packets Between the Local Zone and the Zone Where the Heartbeat Interface Resides

Publication Date:  2015-07-01 Views:  232 Downloads:  0
Issue Description
Is Security Policy Required to Permit Packets Between the Local Zone and the Zone Where the Heartbeat Interface Resides?
Solution
 If you do not configure remote when you configure the heartbeat interface, the heartbeat packets are encapsulated into VRRP packets, and the NGFW that has no security policy can properly process backup packets.

     If you configure remote when you configure the heartbeat interface, the heartbeat packets are encapsulated into UDP packets, and a correct security policy needs to configured for the interzone between the Local zone and the security zone where the heartbeat interfaces reside, which enables the NGFW to properly send and receive the heartbeat packets.

END