Cisco FirePOWER ASA 5500 series Configuration Manual page 214

Security appliance command line

Understanding Failover
Chapter 14: Configuring Failover
Cisco Security Appliance Command Line Configuration Guide, OL-10088-01, page 14-12

- Commands entered in the admin context are replicated from the unit on which failover group 1 is in the active state to the unit on which failover group 1 is in the standby state.

Failure to enter the commands on the appropriate unit for command replication to occur causes the configurations to be out of synchronization. Those changes may be lost the next time the initial configuration synchronization occurs.

You can use the write standby command to resynchronize configurations that have become out of sync. For Active/Active failover, the write standby command behaves as follows:

- If you enter the write standby command in the system execution space, the system configuration and the configurations for all of the security contexts on the security appliance are written to the peer unit. This includes configuration information for security contexts that are in the standby state. You must enter the command in the system execution space on the unit that has failover group 1 in the active state.

  Note: If there are security contexts in the active state on the peer unit, the write standby command causes active connections through those contexts to be terminated. Use the failover active command on the unit providing the configuration to make sure all contexts are active on that unit before entering the write standby command.

- If you enter the write standby command in a security context, only the configuration for the security context is written to the peer unit. You must enter the command in the security context on the unit where the security context appears in the active state.

Replicated commands are not saved to the Flash memory when replicated to the peer unit. They are added to the running configuration. To save replicated commands to Flash memory on both units, use the write memory or copy running-config startup-config command on the unit that you made the changes on. The command is replicated to the peer unit and causes the configuration to be saved to Flash memory on the peer unit.

Failover Triggers

In Active/Active failover, failover can be triggered at the unit level if one of the following events occurs:

- The unit has a hardware failure.
- The unit has a power failure.
- The unit has a software failure.
- The no failover active or the failover active command is entered in the system execution space.

Failover is triggered at the failover group level when one of the following events occurs:

- Too many monitored interfaces in the group fail.
- The no failover active group group_id or failover active group group_id command is entered.

You configure the failover threshold for each failover group by specifying the number or percentage of interfaces within the failover group that must fail before the group fails. Because a failover group can contain multiple contexts, and each context can contain multiple interfaces, it is possible for all interfaces in a single context to fail without causing the associated failover group to fail.

See the "Failover Health Monitoring" section on page 14-15 for more information about interface and unit monitoring.
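The failover-group threshold behavior described under Failover Triggers can be checked on paper before a threshold is chosen. The following Python sketch is an added example, not part of the Cisco guide: it lists the contexts that could lose every interface without the group failing over. The context and interface names are constructed, and rounding a percentage threshold up to the next whole interface is an assumption.

```python
# Added illustration: models the failover-group interface threshold described above.
# Context and interface names are constructed; rounding a percentage up is an assumption.

def failures_needed(threshold, total):
    """Failed-interface count at which the group fails.

    threshold is an int (absolute number) or a string such as "50%".
    """
    if isinstance(threshold, str) and threshold.endswith("%"):
        pct = int(threshold[:-1])
        return max(1, -(-total * pct // 100))  # ceiling division (assumed rounding)
    return int(threshold)


def group_fails(contexts, failed, threshold):
    """True if the failed interfaces reach the group's threshold."""
    members = {i for ifaces in contexts.values() for i in ifaces}
    return len(members & set(failed)) >= failures_needed(threshold, len(members))


def blind_contexts(contexts, threshold):
    """Contexts that can lose every interface without failing the group."""
    total = sum(len(ifaces) for ifaces in contexts.values())
    need = failures_needed(threshold, total)
    return sorted(name for name, ifaces in contexts.items() if len(ifaces) < need)


# Constructed failover group: three contexts, seven monitored interfaces.
GROUP_1 = {
    "admin": ["admin/mgmt", "admin/outside"],
    "ctx-a": ["ctx-a/inside", "ctx-a/outside"],
    "ctx-b": ["ctx-b/inside", "ctx-b/outside", "ctx-b/dmz"],
}

if __name__ == "__main__":
    for threshold in (1, 2, "50%"):
        print(threshold, "->", blind_contexts(GROUP_1, threshold))
    # ctx-a loses both interfaces, yet a 50% threshold needs 4 of 7 failures.
    print(group_fails(GROUP_1, GROUP_1["ctx-a"], "50%"))
```

Any context the check reports stays on the unit where its group is active even when all of its interfaces are down, so either lower the group threshold or alert on that context's interfaces separately.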

This manual is also suitable for:

PIX 500 series, Cisco ASA 5500 series