carl_townshend Mon, 09/01/2008 - 03:32
User Badges:

hi there


I have seen a video on this topic, it says no setup is needed on the secondary unit except an ip and https access.


Can anyone add to this, I just need the minimum commands required to setup stateful failover via my management interface, and what commands I can see who is active, and how to do a manual failover ?

Marwan ALshawi Mon, 09/01/2008 - 03:51
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

Note that you must configure the failover key command on the secondary firewall so that it can receive

the configuration from the primary firewall .

failover

failover lan unit secondary

failover lan interface faillink [interface]

failover key [urkey]


failover interface ip faillink [ip] standby [ip]


use

show failover to see the failover status


if u wanna manully make the secondary firewall as the active one do the following command


failover active


good luck


please, if helpful Rate

carl_townshend Mon, 09/01/2008 - 04:53
User Badges:

are you sure I need to enable all this on the secondary device?


do i need to type all that in on the secondary firewall? and what is the failover command on its own used for at the top of the below config


"failover

failover lan unit secondary

failover lan interface faillink [interface]

failover key [urkey]


failover interface ip faillink [ip] standby [ip]"



Marwan ALshawi Mon, 09/01/2008 - 04:55
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

only this thats it

ant other config like ACLs nating and so on will be transfered automaticly


carl_townshend Tue, 09/02/2008 - 03:10
User Badges:

so do I make the ip address on the interface exactly the same as the primary box, then when I define as secondary is automatically uses the standby address? and how do I make it a stateful failover using the same interface ?

carl_townshend Thu, 09/04/2008 - 08:29
User Badges:

Hi all, can anyone help with this?


Also do I have to have a secondary ip address for all interfaces? even if im using the management port for my dedicated link?


Thanks

francisco_1 Thu, 09/04/2008 - 08:42
User Badges:
  • Gold, 750 points or more

with the management, you will need to manage both devices seperately so yes you need to have a standby IP address for your management interface as well. you synch STBY IP's from the Active ASA. If you dont want to failover an interface, then no need for a STBY IP as long as Monitored is not setup on the interface.

carl_townshend Thu, 09/04/2008 - 09:40
User Badges:

I dont understand what you are saying here? do you mean if I want to have all interfaces monitored, then put a standby ip on all of them? if I use a dedicated management interface for my failover, can I just have the standby ip address on that?

and when I configure my secondary box, do I put the config for the interfaces exactly the same as the primary one? i.e interface ip ad standby ip addresses exactly the same on each box?

carl_townshend Tue, 02/03/2009 - 03:44
User Badges:

Hi There


I have read the document, however, I have a question, do I need to add standby ip addresses for all my interfaces ? I want to me able to manage the secondary one from any interface using the secondary ip address.


please can you let me know


thanks for the help


Carl

hunnetvl01 Tue, 02/03/2009 - 04:26
User Badges:

I suppose it is in router mode,

so YES you have to have a standby IP for each interface!

Regards,

vlad

Actions

This Discussion