from CCSE R80 guide:
The Priority and Delta values determine how the system fails over. In this scenario,
we have two gateways, the first with a priority of 100 and the second with a priority
of 95. If the first gateway fails, it’s priority changes to 90 and the second gateway
with the higher priority (95) takes over.
What Happens with firewall-A Fails
firewall-B will stop seeing VRRP HELLO packets from firewall-A on the External LAN and wait 3 intervals to be sure.
firewall-B will then add the VIPs to its interfaces and start sending out HELLO packets.
VRRP MC running firewall-A's other interfaces react to the loss of eth-s1p1c0 by lowering the effective priority by the delta value.
firewall-A now starts sending out HELLO packets with a new priority.
firewall-B sees these new packets with a priority less than its own and begins adding the VIPs to its DMZ and Internal interfaces. You should see "Duplicate IP Address" error messages on the console of both platforms
firewall-B is now sending out HELLO packets which firewall-A sees and as a result it deletes the VIPs from its DMZ and Internal network interfaces.
The duplicate IP address error messages stops.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk38524
Priority Delta - Enter the value to subtract from the Priority to create an effective priority when an interface fails. The range is 1-254.
If an interface fails on the backup, the value of the priority delta is subtracted from its priority. This gives a higher effective priority to another Security Gateway member.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Nikolas
Highly Voted 1 year, 10 months agobabochnik
Most Recent 1 month, 2 weeks agowakopro
1 year, 9 months agoOrmaz
1 year, 4 months ago