Must the Heartbeat Interfaces Be Directly Connected?
No. The heartbeat interfaces can be connected either directly or through intermediate devices, such as switches or routers. Directly connection between the heartbeat interfaces is recommended.
If the heartbeat interfaces are connected through intermediate devices, set remote to specify the IP address of the peer heartbeat interface when configuring a heartbeat interface.
If you do not set remote, the NGFW encapsulates heartbeat packets into VRRP packets before sending them. Because VRRP packets are sent in multicast mode, some switches and routers send received VRRP packets to their CPUs for processing, which consumes CPU resources. Heartbeat packets increase with services on the NGFW, causing high CPU usage on the switches and routers. Meanwhile, the switches and routers also process other packets sent in multicast mode, such as OSPF packets, which compromises services. As a result, the NGFW status is not stable. As a result, heartbeat packets from the NGFW are discarded, and the NGFW status is not stable.
After you set remote, the NGFW encapsulates heartbeat packets into UDP packets. The switches and routers do not send UDP packets to their CPU, which has no impact on device performance and services.