Active/Active Failover - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 14
Configuring Failover
Table 14-1
Failover Behavior
Failure Event
Active unit failed (power or
hardware)
Formerly active unit recovers No failover
Standby unit failed (power or
hardware)
Failover link failed during
operation
Failover link failed at startup
Stateful Failover link failed
Interface failure on active unit
above threshold
Interface failure on standby
unit above threshold
Active/Active Failover
This section describes Active/Active failover. This section includes the following topics:
•
•
•
•
•
•
Active/Active Failover Overview
Active/Active failover is only available to security appliances in multiple context mode. In an
Active/Active failover configuration, both security appliances can pass network traffic.
OL-10088-01
Policy
Active Action
Failover
n/a
Become standby
No failover
Mark standby as
failed
No failover
Mark failover
interface as failed
No failover
Mark failover
interface as failed
No failover
No action
Failover
Mark active as
failed
No failover
No action
Active/Active Failover Overview, page 14-9
Primary/Secondary Status and Active/Standby Status, page 14-10
Device Initialization and Configuration Synchronization, page 14-11
Command Replication, page 14-11
Failover Triggers, page 14-12
Failover Actions, page 14-13
Standby Action
Notes
Become active
No hello messages are received on
any monitored interface or the
Mark active as
failover link.
failed
No action
None.
n/a
When the standby unit is marked as
failed, then the active unit does not
attempt to fail over, even if the
interface failure threshold is
surpassed.
Mark failover
You should restore the failover link
interface as failed
as soon as possible because the
unit cannot fail over to the standby
unit while the failover link is down.
Become active
If the failover link is down at
startup, both units become active.
No action
State information becomes out of
date, and sessions are terminated if
a failover occurs.
Become active
None.
Mark standby as
When the standby unit is marked as
failed
failed, then the active unit does not
attempt to fail over even if the
interface failure threshold is
surpassed.
Cisco Security Appliance Command Line Configuration Guide
Understanding Failover
14-9
Advertisement
Table of Contents
Troubleshooting
