Cisco ASA 5505 Configuration Manual page 1228

Configuring Active/Standby Failover
Monitored failover interfaces can have the following status:
•
•
•
•
•
•
To enable or disable health monitoring for specific interfaces on units in single configuration mode, enter
one of the following commands. Alternately, for units in multiple configuration mode, you must enter
the commands within each security context.
To disable or enable monitoring of an interface, follow these steps:
Step 1 Open the Configuration > Device Management > High Availability > Failover > Interfaces tab.
A list of configured interfaces appears. The Monitored column displays whether or not an interface is
monitored as part of your failover criteria. If it is monitored, a check appears in the Monitored checkbox.
To disable monitoring of a listed interface, uncheck the Monitored checkboxfor the interface.
Step 2
Step 3 To enable monitoring of a listed interface, check the Monitored checkbox for the interface.
Configuring Failover Criteria
You can specify a specific number of interface or a percentage of monitored interfaces that must fail be
fore failover occurs. By default, a single interface failure causes failover.
Use the Configuration > Device Management > High Availability > Criteria tab to define criteria for
failover, such as how many interfaces must fail and how long to wait between polls. The hold time
specifies the interval to wait without receiving a response to a poll before unit failover.
For information about configuring the hold and poll times, see
Poll Times, page
To configure the interface policy, follow these steps:
Step 1 Open the Configuration > Device Management > High Availability > Failover > Criteria tab.
Step 2 In the Interface Policy area, do one of the following:
•
•
Click Apply.
Step 3
Cisco ASA 5500 Series Configuration Guide using ASDM
59-10
Unknown—Initial status. This status can also mean the status cannot be determined.
Normal—The interface is receiving traffic.
Testing—Hello messages are not heard on the interface for five poll times.
Link Down—The interface or VLAN is administratively down.
No Link—The physical link for the interface is down.
Failed—No traffic is received on the interface, yet traffic is heard on the peer interface.
59-11.
To define a specific number of interfaces that must fail to trigger failover, enter a number from 1 to
250 in the Number of failed interfaces field. When the number of failed monitored interfaces
exceeds the value you specify, the adaptive security appliance fails over.
To define a percentage of configured interfaces that must fail to trigger failover, enter a percentage
in the Percentage of failed interfaces field. When the number of failed monitored interfaces
exceeds the percentage you set, the adaptive security appliance fails over.
Chapter 59 Configuring Active/Standby Failover
Configuring the Unit and Interface Health
OL-20339-01