Configuring Lan-Based Active/Active Failover - Cisco FirePOWER ASA 5500 series Configuration Manual

Configuring Failover
hostname(config)# context context_name
hostname(config-context)# join-failover-group {1 | 2}
hostname(config-context)# exit
Enable failover:
Step 7
hostname(config)# failover
Power on the secondary unit and enable failover on the unit if it is not already enabled:
Step 8
hostname(config)# failover
The active unit sends the configuration in running memory to the standby unit. As the configuration
synchronizes, the messages "Beginning configuration replication: Sending to mate" and "End
Configuration Replication to mate" appear on the primary console.
Save the configuration to Flash memory on the Primary unit. Because the commands entered on the
Step 9
primary unit are replicated to the secondary unit, the secondary unit also saves its configuration to Flash
memory.
hostname(config)# copy running-config startup-config
If necessary, force any failover group that is active on the primary to the active state on the secondary.
Step 10
To force a failover group to become active on the secondary unit, issue the following command in the
system execution space on the primary unit:
hostname# no failover active group group_id
The group_id argument specifies the group you want to become active on the secondary unit.

Configuring LAN-Based Active/Active Failover

This section describes how to configure Active/Active failover using an Ethernet failover link. When
configuring LAN-based failover, you must bootstrap the secondary device to recognize the failover link
before the secondary device can obtain the running configuration from the primary device.
This section includes the following topics:
•
•
Configure the Primary Unit
To configure the primary unit in an Active/Active failover configuration, perform the following steps:
Step 1 If you have not done so already, configure the active and standby IP addresses for each data interface
(routed mode), for the management IP address (transparent mode), or for the management-only
interface. The standby IP address is used on the security appliance that is currently the standby unit. It
must be in the same subnet as the active IP address.
You must configure the interface addresses from within each context. Use the changeto context
command to switch between contexts. The command prompt changes to
hostname/context(config-if)#
firewall mode, you must enter a management IP address for each context.
Cisco Security Appliance Command Line Configuration Guide
14-28
Configure the Primary Unit, page 14-28
Configure the Secondary Unit, page 14-30
, where context is the name of the current context. In transparent
Chapter 14 Configuring Failover
OL-10088-01