Cisco PIX 500 Series Configuration Manual page 233

Chapter 14 Configuring Failover
The following commands are not replicated to the standby unit:
•
•
•
•
•
•
•
You can use the write standby command to resynchronize configurations that have become out of sync.
For Active/Active failover, the write standby command behaves as follows:
•
•
Replicated commands are not saved to the Flash memory when replicated to the peer unit. They are
added to the running configuration. To save replicated commands to Flash memory on both units, use
the write memory or copy running-config startup-config command on the unit that you made the
changes on. The command is replicated to the peer unit and cause the configuration to be saved to Flash
memory on the peer unit.
Failover Triggers
In Active/Active failover, failover can be triggered at the unit level if one of the following events occurs:
•
•
•
•
Failover is triggered at the failover group level when one of the following events occurs:
•
•
You configure the failover threshold for each failover group by specifying the number or percentage of
interfaces within the failover group that must fail before the group fails. Because a failover group can
contain multiple contexts, and each context can contain multiple interfaces, it is possible for all
interfaces in a single context to fail without causing the associated failover group to fail.
OL-12172-03
all forms of the copy command except for copy running-config startup-config
all forms of the write command except for write memory
debug
failover lan unit
firewall
mode
show
If you enter the write standby command in the system execution space, the system configuration
and the configurations for all of the security contexts on the security appliance is written to the peer
unit. This includes configuration information for security contexts that are in the standby state. You
must enter the command in the system execution space on the unit that has failover group 1 in the
active state.
Note If there are security contexts in the active state on the peer unit, the write standby command
causes active connections through those contexts to be terminated. Use the failover active
command on the unit providing the configuration to make sure all contexts are active on that
unit before entering the write standby command.
If you enter the write standby command in a security context, only the configuration for the security
context is written to the peer unit. You must enter the command in the security context on the unit
where the security context appears in the active state.
The unit has a hardware failure.
The unit has a power failure.
The unit has a software failure.
The no failover active or the failover active command is entered in the system execution space.
Too many monitored interfaces in the group fail.
The no failover active group group_id or failover active group group_id command is entered.
Cisco Security Appliance Command Line Configuration Guide
Understanding Failover
14-13