Active/Active firewall

Unanswered Question
Apr 14th, 2008

On an Active/Active firewall configuration with Standby addresses configured, what will happen if the Active interface goes down?


In our setup the firewall did not fail over. But it did fail over for the interfaces which did not have an IP address configured.


Thanks

mvandorp Tue, 04/15/2008 - 01:57

ASA, FWSM? Routed, Transparent?


On FWSM, we use Active-Active in both routed and transparent. We use link-monitoring to determine which interfaces initiate a failover.


It will not work with 2 FWSMs in the same chassis, because the VLAN-interface only goes down when there are no other active ports. With 2 FWSMs in that VLAN, the interface does not go down.


When in different chassis, make sure only one port on the switch is in that VLAN (only int vlan x *OR* switchport access VLAN x, but not both), otherwise the link will not fail on the FWSM.


Hope this helps,


Marcel

