Failover Health Monitoring - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Understanding Failover
- UDP connection states.
- The ARP table.
- The Layer 2 bridge table (when running in transparent firewall mode).
- The HTTP connection states (if HTTP replication is enabled).
- The ISAKMP and IPSec SA table.
- GTP PDP connection database.
- SIP signalling sessions.

The information that is not passed to the standby unit when Stateful Failover is enabled includes the following:

- The HTTP connection table (unless HTTP replication is enabled).
- The user authentication (uauth) table.
- The routing tables. After a failover occurs, some packets may be lost or routed out of the wrong interface (the default route) while the dynamic routing protocols rediscover routes.
- State information for Security Service Modules.
- DHCP server address leases.

The following WebVPN features are not supported with Stateful Failover:

- Smart Tunnels
- Port Forwarding
- Plugins
- Java Applets
- IPv6 clientless or AnyConnect sessions
- Citrix authentication (Citrix users must reauthenticate after failover)

Note: If failover occurs during an active Cisco IP SoftPhone session, the call remains active because the call session state information is replicated to the standby unit. When the call is terminated, the IP SoftPhone client loses connection with the Cisco CallManager. This occurs because there is no session information for the CTIQBE hangup message on the standby unit. When the IP SoftPhone client does not receive a response back from the CallManager within a certain time period, it considers the CallManager unreachable and unregisters itself.

For VPN failover, VPN end-users should not have to reauthenticate or reconnect the VPN session in the event of a failover. However, applications operating over the VPN connection could lose packets during the failover process and not recover from the packet loss.

Failover Health Monitoring

The security appliance monitors each unit for overall health and for interface health. See the following sections for more information about how the security appliance performs tests to determine the state of each unit:

- Unit Health Monitoring, page 14-17
- Interface Monitoring, page 14-17

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03, Chapter 14: Configuring Failover, page 14-16


This manual is also suitable for:

ASA 5500 series
