I am testing the failover process (Active / Standby) on the FWSM modules.
Setup: (2) cat6506's
(2) FWSM modules configured
Switch#1 - hosts primary FWSM
Switch#2 - hosts secondary FWSM
Switch#3 - Internet/Gateway router
I have the FWSM configured to monitor the "outside" interface. The "outside" interface is on vlan 100. On switch#1 vlan 100 is only assigned to one physical port that is connected to switch#3 (duplicated on switch#2).
In order to test failover I disconnect the cable that provides the link between switch#1 and switch#3.
The primary FWSM does fail over to the Secondary FWSM, but it takes 12-14 seconds. I have the failover criteria set to the minimum parameters.
The 12-14 seconds that it takes to failover is too long. I believe that during this time period any TCP sessions would be timed out.
Is there a better way to configure / design this setup in order to provide a failover scenario that would not drop the TCP sessions?
Is there a way to associate the SVI interface on the FWSM module to a physical interface on the switch? So that if the physical link changes state to down, the SVI interface on the FWSM would change state to down.