Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 60 Configuring Active/Active Failover
Configuring Active/Active Failover
Note: During a successful failover event on the adaptive security appliance, the interfaces are brought down,
roles are switched (IP addresses and MAC addresses are swapped), and the interfaces are brought up
again. However, the process is transparent to users. The adaptive security appliance does not send
link-down messages or system log messages to notify users that interfaces were taken down during
failover (or link-up messages for interfaces brought up by the failover process).
Note: When configuring Active/Active failover, make sure that the combined traffic for both units is within the
capacity of each unit.
Fields
• Failover Groups—Lists the failover groups currently defined on the adaptive security appliance.
  – Group Number—Specifies the failover group number. This number is used when assigning
    contexts to failover groups.
  – Preferred Role—Specifies the unit in the failover pair, primary or secondary, on which the
    failover group appears in the active state when both units start up simultaneously or when the
    preempt option is specified. You can have both failover groups be in the active state on a single
    unit in the pair, with the other unit containing the failover groups in the standby state. However,
    a more typical configuration is to assign each failover group a different role preference to make
    each one active on a different unit, balancing the traffic across the devices.
  – Preempt Enabled—Specifies whether the unit that is the preferred failover device for this
    failover group should become the active unit after rebooting.
  – Preempt Delay—Specifies the number of seconds that the preferred failover device should wait
    after rebooting before taking over as the active unit for this failover group. The range is between
    0 and 1200 seconds.
  – Interface Policy—Specifies either the number of monitored interface failures or the percentage
    of failures that are allowed before the group fails over. The range is between 1 and 250 failures
    or 1 and 100 percent.
  – Interface Poll Time—Specifies the amount of time between polls among interfaces. The range
    is between 1 and 15 seconds.
  – Replicate HTTP—Identifies whether Stateful Failover should copy active HTTP sessions to the
    standby firewall for this failover group. If you do not allow HTTP replication, then HTTP
    connections are disconnected at failover. Disabling HTTP replication reduces the amount of
    traffic on the state link. This setting overrides the HTTP replication setting on the Setup tab.
• Add—Displays the Add Failover Group dialog box. This button is enabled only if fewer than two
failover groups exist. See Add/Edit Failover Group for more information.
• Edit—Displays the Edit Failover Group dialog box for the selected failover group. See Add/Edit
Failover Group for more information.
• Delete—Removes the currently selected failover group from the failover groups table. This button
is only enabled if the last failover group in the list is selected.
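The following added example (not part of the Cisco guide) reviews a planned pair of failover groups against the ranges and notes in the field list above, and models where a group is active once its preferred unit rejoins the pair. The class, function, and field names are hypothetical, and `est_load_mbps` and `unit_capacity_mbps` are planner estimates, not ASA settings.

```python
from dataclasses import dataclass

@dataclass
class FailoverGroup:
    number: int
    preferred_role: str      # "primary" or "secondary"
    preempt: bool
    preempt_delay: int       # seconds, 0-1200
    policy_value: int        # 1-250 failures, or 1-100 when policy_is_percent
    policy_is_percent: bool
    poll_time: int           # seconds, 1-15
    est_load_mbps: int       # planner's estimate (assumption, not an ASA field)

def review(groups, unit_capacity_mbps):
    """Return findings for a planned set of failover groups."""
    findings = []
    if len(groups) > 2:
        findings.append("more than 2 failover groups")
    for g in groups:
        tag = f"group {g.number}: "
        if g.preferred_role not in ("primary", "secondary"):
            findings.append(tag + "preferred role must be primary or secondary")
        if not 0 <= g.preempt_delay <= 1200:
            findings.append(tag + "preempt delay outside 0-1200 s")
        limit = 100 if g.policy_is_percent else 250
        if not 1 <= g.policy_value <= limit:
            findings.append(tag + f"interface policy outside 1-{limit}")
        if not 1 <= g.poll_time <= 15:
            findings.append(tag + "interface poll time outside 1-15 s")
    if len(groups) == 2 and groups[0].preferred_role == groups[1].preferred_role:
        findings.append("both groups prefer the same unit; load is not balanced")
    # After a failover one unit carries every group, so size for the sum.
    total = sum(g.est_load_mbps for g in groups)
    if total > unit_capacity_mbps:
        findings.append(f"combined load {total} exceeds unit capacity {unit_capacity_mbps}")
    return findings

def active_unit(group, current_active, rebooted_unit, seconds_since_reboot):
    """Unit on which the group is active after rebooted_unit rejoins the pair."""
    if (group.preempt and rebooted_unit == group.preferred_role
            and seconds_since_reboot >= group.preempt_delay):
        return group.preferred_role   # preferred unit takes the group back
    return current_active             # no preempt, or delay not yet elapsed

if __name__ == "__main__":
    # Constructed sample plan: each group prefers a different unit.
    plan = [FailoverGroup(1, "primary", True, 60, 1, False, 5, 300),
            FailoverGroup(2, "secondary", True, 60, 50, True, 5, 400)]
    print(review(plan, unit_capacity_mbps=1000) or "plan OK")
    print(active_unit(plan[0], "secondary", "primary", 30))
```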
Add/Edit Failover Group
Use the Add/Edit Failover Group dialog box to define failover groups for an Active/Active failover
configuration.