No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.

Knowledge Base

FAQ-Must the Heartbeat Interfaces Be Directly Connected

Publication Date:  2015-07-01  |   Views:  671  |   Downloads:  0  |   Document ID:  EKB1000081169


Issue Description

Must the Heartbeat Interfaces Be Directly Connected?


No. The heartbeat interfaces can be connected either directly or through intermediate devices, such as switches or routers. Directly connection between the heartbeat interfaces is recommended.

If the heartbeat interfaces are connected through intermediate devices, set remote to specify the IP address of the peer heartbeat interface when configuring a heartbeat interface.

If you do not set remote, the NGFW encapsulates heartbeat packets into VRRP packets before sending them. Because VRRP packets are sent in multicast mode, some switches and routers send received VRRP packets to their CPUs for processing, which consumes CPU resources. Heartbeat packets increase with services on the NGFW, causing high CPU usage on the switches and routers. Meanwhile, the switches and routers also process other packets sent in multicast mode, such as OSPF packets, which compromises services. As a result, the NGFW status is not stable. As a result, heartbeat packets from the NGFW are discarded, and the NGFW status is not stable.

After you set remote, the NGFW encapsulates heartbeat packets into UDP packets. The switches and routers do not send UDP packets to their CPU, which has no impact on device performance and services.