Cisco PIX 500 Series Configuration Manual page 229

Chapter 14 Configuring Failover
For multiple context mode, when you enter the write standby command in the system execution space,
all contexts are replicated. If you enter the write standby command within a context, the command
replicates only the context configuration.
Replicated commands are stored in the running configuration. To save the replicated commands to the
Flash memory on the standby unit:
•
•
Failover Triggers
The unit can fail if one of the following events occurs:
•
•
•
•
Failover Actions
In Active/Standby failover, failover occurs on a unit basis. Even on systems running in multiple context
mode, you cannot fail over individual or groups of contexts.
Table 14-1
failover policy (failover or no failover), the action taken by the active unit, the action taken by the
standby unit, and any special notes about the failover condition and actions.
Table 14-1 Failover Behavior
Failure Event
Active unit failed (power or
hardware)
Formerly active unit recovers No failover
Standby unit failed (power or
hardware)
Failover link failed during
operation
OL-12172-03
For single context mode, enter the copy running-config startup-config command on the active unit.
The command is replicated to the standby unit, which proceeds to write its configuration to Flash
memory.
For multiple context mode, enter the copy running-config startup-config command on the active
unit from the system execution space and within each context on disk. The command is replicated
to the standby unit, which proceeds to write its configuration to Flash memory. Contexts with startup
configurations on external servers are accessible from either unit over the network and do not need
to be saved separately for each unit. Alternatively, you can copy the contexts on disk from the active
unit to an external server, and then copy them to disk on the standby unit.
The unit has a hardware failure or a power failure.
The unit has a software failure.
Too many monitored interfaces fail.
The no failover active command is entered on the active unit or the failover active command is
entered on the standby unit.
shows the failover action for each failure event. For each failure event, the table shows the
Policy Active Action
Failover n/a
Become standby
No failover Mark standby as
failed
No failover Mark failover
interface as failed
Standby Action Notes
Become active No hello messages are received on
any monitored interface or the
Mark active as
failover link.
failed
No action None.
n/a When the standby unit is marked as
failed, then the active unit does not
attempt to fail over, even if the
interface failure threshold is
surpassed.
Mark failover You should restore the failover link
interface as failed as soon as possible because the
unit cannot fail over to the standby
unit while the failover link is down.
Cisco Security Appliance Command Line Configuration Guide
Understanding Failover
14-9