Cisco FirePOWER ASA 5500 series Configuration Manual page 215
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 14
Configuring Failover
Failover Actions
In an Active/Active failover configuration, failover occurs on a failover group basis, not a system basis.
For example, if you designate both failover groups as active on the primary unit, and failover group 1
fails, then failover group 2 remains active on the primary unit while failover group 1 becomes active on
the secondary unit.
When configuring Active/Active failover, make sure that the combined traffic for both units is within the
Note
capacity of each unit.
Table 14-2
or not failover occurs), actions for the active failover group, and actions for the standby failover group
are given.
Table 14-2
Failover Behavior for Active/Active Failover
Failure Event
A unit experiences a power or
software failure
Interface failure on active failover
group above threshold
Interface failure on standby failover
group above threshold
Formerly active failover group
recovers
Failover link failed at startup
Stateful Failover link failed
Failover link failed during operation
OL-10088-01
shows the failover action for each failure event. For each failure event, the policy (whether
Active Group
Policy
Action
Failover
Become standby
Mark as failed
Failover
Mark active
group as failed
No failover No action
No failover No action
No failover Become active
No failover No action
No failover n/a
Standby Group
Action
Notes
Become active
When a unit in a failover pair fails,
any active failover groups on that
Mark active as
unit are marked as failed and
failed
become active on the peer unit.
Become active
None.
Mark standby
When the standby failover group is
group as failed
marked as failed, the active failover
group does not attempt to fail over,
even if the interface failure
threshold is surpassed.
No action
Unless configured with the
preempt command, the failover
groups remain active on their
current unit.
Become active
If the failover link is down at
startup, both failover groups on
both units become active.
No action
State information becomes out of
date, and sessions are terminated if
a failover occurs.
n/a
Each unit marks the failover
interface as failed. You should
restore the failover link as soon as
possible because the unit cannot fail
over to the standby unit while the
failover link is down.
Cisco Security Appliance Command Line Configuration Guide
Understanding Failover
14-13
Advertisement
Table of Contents
Troubleshooting
