Right now, an HA failover only happens if the master unit dies or becomes unreachable through its LAN interface. This doesn’t take WAN connectivity into consideration. If a WAN connection is down on the master, either because one of the WAN interfaces is down or because the connectivity tests fail on one of them, but the slave unit has its WAN interfaces up, that should produce a failover to the slave unit. This would require more advanced state monitoring than VRRP allows, and possibly a dedicated HA connection between the two units (sacrificing one of the WAN ports). Additionally, if the connection tables were synchronized through that dedicated HA link, you could have stateful failover capability, and TCP connections would not have to be re-established upon failover.
1 Like