Cisco ASA 5505 Configuration Manual page 1249

Chapter 60 Configuring Active/Active Failover
During a successful failover event on the adaptive security appliance, the interfaces are brought down,
Note
roles are switched (IP addresses and MAC addresses are swapped), and the interfaces are brought up
again. However, the process is transparent to users. The adaptive security appliance does not send
link-down messages or system log messages to notify users that interfaces were taken down during
failover (or link-up messages for interfaces brought up by the failover process).
When configuring Active/Active failover, make sure that the combined traffic for both units is within the
Note
capacity of each unit.
Fields
•
•
•
•
Add/Edit Failover Group
Use the Add/Edit Failover Group dialog box to define failover groups for an Active/Active failover
configuration.
OL-20339-01
Failover Groups—Lists the failover groups currently defined on the adaptive security appliance.
Group Number—Specifies the failover group number. This number is used when assigning
–
contexts to failover groups.
Preferred Role—Specifies the unit in the failover pair, primary or secondary, on which the
–
failover group appears in the active state when both units start up simultaneously or when the
preempt option is specified. You can have both failover groups be in the active state on a single
unit in the pair, with the other unit containing the failover groups in the standby state. However,
a more typical configuration is to assign each failover group a different role preference to make
each one active on a different unit, balancing the traffic across the devices.
Preempt Enabled—Specifies whether the unit that is the preferred failover device for this
–
failover group should become the active unit after rebooting.
Preempt Delay—Specifies the number of seconds that the preferred failover device should wait
–
after rebooting before taking over as the active unit for this failover group. The range is between
0 and 1200 seconds.
– Interface Policy—Specifies either the number of monitored interface failures or the percentage
of failures that are allowed before the group fails over. The range is between 1 and 250 failures
or 1 and 100 percent.
Interface Poll Time—Specifies the amount of time between polls among interfaces. The range
–
is between 1 and 15 seconds.
Replicate HTTP—Identifies whether Stateful Failover should copy active HTTP sessions to the
–
standby firewall for this failover group. If you do not allow HTTP replication, then HTTP
connections are disconnected at failover. Disabling HTTP replication reduces the amount of
traffic on the state link. This setting overrides the HTTP replication setting on the Setup tab.
Add—Displays the Add Failover Group dialog box. This button is only enabled if less than 2
failover groups exist. See
Edit—Displays the Edit Failover Group dialog box for the selected failover group. See
Failover Group for more information.
Delete—Removes the currently selected failover group from the failover groups table. This button
is only enabled if the last failover group in the list is selected.
Add/Edit Failover Group for more information.
Cisco ASA 5500 Series Configuration Guide using ASDM
Configuring Active/Active Failover
Add/Edit
60-13