Cisco FirePOWER ASA 5500 series Configuration Manual page 226

Configuring Failover
Enabling HTTP Replication with Stateful Failover
To allow HTTP connections to be included in the state information replication, you need to enable HTTP
replication. Because HTTP connections are typically short-lived, and because HTTP clients typically
retry failed connection attempts, HTTP connections are not automatically included in the replicated state
information.
Enter the following command in global configuration mode to enable HTTP state replication when
Stateful Failover is enabled:
hostname(config)# failover replication http
Disabling and Enabling Interface Monitoring
By default, monitoring physical interfaces is enabled and monitoring subinterfaces is disabled. You can
monitor up to 250 interfaces on a unit. You can control which interfaces affect your failover policy by
disabling the monitoring of specific interfaces and enabling the monitoring of others. This lets you
exclude interfaces attached to less critical networks from affecting your failover policy.
For units in multiple configuration mode, use the following commands to enable or disable health
monitoring for specific interfaces:
•
•
For units in single configuration mode, use the following commands to enable or disable health
monitoring for specific interfaces:
•
•
Configuring Interface Health Monitoring
The security appliance sends hello packets out of each data interface to monitor interface health. If the
security appliance does not receive a hello packet from the corresponding interface on the peer unit for
over half of the hold time, then the additional interface testing begins. If a hello packet or a successful
test result is not received within the specified hold time, the interface is marked as failed. Failover occurs
if the number of failed interfaces meets the failover criteria.
Decreasing the poll and hold times enables the security appliance to detect and respond to interface
failures more quickly, but may consume more system resources.
To change the interface poll time, enter the following command in global configuration mode:
hostname(config)# failover polltime interface [msec] time [holdtime time]
Cisco Security Appliance Command Line Configuration Guide
14-24
To disable health monitoring for an interface, enter the following command within a context:
hostname/context(config)# no monitor-interface if_name
To enable health monitoring for an interface, enter the following command within a context:
hostname/context(config)# monitor-interface if_name
To disable health monitoring for an interface, enter the following command in global configuration
mode:
hostname(config)# no monitor-interface if_name
To enable health monitoring for an interface, enter the following command in global configuration
mode:
hostname(config)# monitor-interface if_name
Chapter 14 Configuring Failover
OL-10088-01