The Failover And Stateful Failover Links - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Chapter 14
Configuring Failover
Understanding Failover
Cisco Security Appliance Command Line Configuration Guide, OL-10088-01

with a UR license. If the unit with a UR license in a failover pair fails and is removed from the
configuration, the unit with the FO or FO_AA license does not automatically reboot every 24 hours; it
operates uninterrupted unless it is manually rebooted.

When the unit automatically reboots, the following message displays on the console:

=========================NOTICE=========================
This machine is running in secondary mode without
a connection to an active primary PIX. Please
check your connection to the primary system.
REBOOTING....
========================================================

The ASA 5500 series adaptive security appliance platform does not have this restriction.

The Failover and Stateful Failover Links

This section describes the failover and the Stateful Failover links, which are dedicated connections
between the two units in a failover configuration. This section includes the following topics:

- Failover Link
- Stateful Failover Link

Failover Link

The two units in a failover pair constantly communicate over a failover link to determine the operating
status of each unit. The following information is communicated over the failover link:

- The unit state (active or standby).
- Power status (cable-based failover only—available only on the PIX 500 series security appliance).
- Hello messages (keep-alives).
- Network link status.
- MAC address exchange.
- Configuration replication and synchronization.

Caution: All information sent over the failover and Stateful Failover links is sent in clear text unless you secure
the communication with a failover key. If the security appliance is used to terminate VPN tunnels, this
information includes any usernames, passwords and preshared keys used for establishing the tunnels.
Transmitting this sensitive data in clear text could pose a significant security risk. We recommend
securing the failover communication with a failover key if you are using the security appliance to
terminate VPN tunnels.

On the PIX 500 series security appliance, the failover link can be either a LAN-based connection or a
dedicated serial Failover cable. On the ASA 5500 series adaptive security appliance, the failover link can
only be a LAN-based connection.

This section includes the following topics:

- LAN-Based Failover Link
- Serial Cable Failover Link (PIX Security Appliance Only)
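
The Caution about clear-text failover traffic, turned into a configuration check. This is an added example, not code from Cisco's guide: the function audits saved running-config text for an enabled failover pair that has no failover key. The sample excerpts are constructed, and the severity labels and the config lines used as indicators (`failover`, `failover key`, `tunnel-group`, `crypto map`) are this example's assumptions about how the running configuration is listed.

```python
import re

# Constructed sample running-config excerpts (not taken from a real device).
BASE = """\
failover
failover lan unit primary
failover lan interface folink Ethernet0/3
failover link statelink Ethernet0/2
"""
VPN = """\
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 pre-shared-key *
"""
KEY = "failover key *****\n"
DISABLED = "no failover\nfailover lan unit secondary\n"


def audit_failover(config: str) -> dict:
    """Classify the failover-link exposure described in the Caution."""
    lines = [ln.strip() for ln in config.splitlines()]
    # Assumption: a bare "failover" line means failover is enabled.
    enabled = "failover" in lines and "no failover" not in lines
    # Assumption: a configured key is listed as "failover key <masked value>".
    has_key = any(re.fullmatch(r"failover key \S.*", ln) for ln in lines)
    # Assumption: tunnel-group or crypto map lines mean VPN tunnels terminate here.
    vpn = any(ln.startswith(("tunnel-group ", "crypto map ")) for ln in lines)

    if not enabled:
        severity, reason = "n/a", "failover is not enabled"
    elif has_key:
        severity, reason = "ok", "failover traffic is secured with a failover key"
    elif vpn:
        severity, reason = "high", ("failover links are clear text and carry VPN "
                                    "usernames, passwords and preshared keys")
    else:
        severity, reason = "medium", "failover links are clear text"
    return {"enabled": enabled, "has_key": has_key, "vpn": vpn,
            "severity": severity, "reason": reason}


if __name__ == "__main__":
    samples = {"no key + VPN": BASE + VPN, "no key": BASE,
               "key + VPN": BASE + VPN + KEY, "disabled": DISABLED}
    for name, cfg in samples.items():
        result = audit_failover(cfg)
        print(f"{name:14} {result['severity']:7} {result['reason']}")
```

Run it over the saved configuration of both units in the pair, since the key must be configured for the link in either direction to be protected.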
