You specify a failover weight, in percent, for each VPN tunnel to be monitored. The assigned weights only come into play when the status of one or more tunnels is "down." If the cumulative weight of all down tunnels reaches or exceeds 100%, ScreenOS fails over to the backup interface. Tunnels that are in "inactive," "ready," or undetermined state are counted as 50% of the assigned weight.
If failover to the backup interface occurs, ScreenOS can still try to establish new VPN tunnels on the primary interface if the VPN monitor rekey feature is enabled. When the VPN monitor rekey feature is enabled, ScreenOS can revert traffic back to the primary interface if the accumulated failover weight becomes less than 100%.