Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Interface Failover in ScreenOS Devices


The Failover is only available for some security devices. Use the Failover option to configure the security device to switch over traffic from the primary interface to the backup interface, and from the backup to the primary when there are both primary and backup interfaces bound to the Untrust zone. An interface failover can occur when ScreenOS detects a physical link problem on the primary interface connection, such as an unplugged cable. You can also define the following types of interface failover:

  • When certain IP addresses become unreachable through a given interface using IP tracking

  • When certain VPN tunnels on the primary untrust interface become unreachable using VPN tunnel monitoring

You can also configure the security device to automatically switch to the backup interface if ScreenOS detects a failure on the primary interface connection. When the connection through the primary interface is restored, ScreenOS automatically switches traffic from the backup interface to the primary.

By default, there is a 30-second interval before the failover occurs (the hold-down time). You can change this interval.

For more detailed explanation about interface failover on security devices, see the “High Availability” volume in the Concepts & Examples ScreenOS Reference Guide.