Actually this is a question for Mtuma and not a suggestion for Alex.
Is there any cf command that could force the failover?
I have in the past disabled an interface that was non-important and forced a failover, or in my test firewalls I have also pulled the cable to the interface. I was advised by McAfee not to do this for the heartbeat interfaces for obvious reasons.
I guess 'cf fail stop' is no longer there at v8. You need to shut down or reboot the primary to get it to fail over. You would have to reboot it anyway if you ran 'cf fail stop' at v7.
Alex is using a HA+LS cluster, however. It would fail over with the disconnection of an interface that is being monitored and fail back using the same method, right?
I am not usually one for the rebooting of a firewall that for all purposes is technically operational and can fail over and back easily. In my test firewalls it takes about 4 seconds to fail over and 10-15 seconds for the policies to sync. This can be viewed with 'cf cluster status'; keep running the command a few times and you can see the policy sync.
You are correct.
Technically if an interface fails or is disabled then a failover should occur as that firewall is not in a good state. Then re-enabling the interface should put the firewall back into a good state and it should re-join the cluster, this time as the secondary in HALS.
You can use 'cf cluster softshutdown' in an LSHA cluster to get that member to stop accepting new connections and finish with the ones it is working on now. That is a good way to get one firewall to take over. You must then reboot the member that softshutdown was run on to get it back into the pair.