FWSM : Failover Off (pseudo-Standby)

Answered Question
Nov 4th, 2008

Hello !!!!,

We are running FWSM Firewall Version 3.2(1) in multi-context mode with inter-chassis (2 boxes of 6509) failover.

I have FWSM Failover problem.

Primary Box sh failover output

****

This context: Active

Peer context: Failed

Secondary Box shows

*******

Failover Off (pseudo-Standby)

Failover unit Secondary

Failover LAN Interface: faillink Vlan x (up)

Unit Poll frequency 1 seconds, holdtime 15 seconds

Interface Poll frequency 15 seconds

Interface Policy 4

Monitored Interfaces 46 of 250 maximum

failover replication http

Can someone please guide me with the following:

1. The reason failover went off on the secondary box.

2. What can be done to recover from this state.

3. What the impact of this is if not recovered.

Thanks in Advance

Regards

Yogesh

India


yogesh.suryawanshi Tue, 11/04/2008 - 03:09

Thanks Farrukh for reply,

Have checked & gone through the config & firewall group on core switch.

VLAN config is not mismatched...

Have tried "write standby" on primary box but no use...

Please advise.

Farrukh Haroon Tue, 11/04/2008 - 04:00

Please check the trunk between the two switches to make sure all these vlans are allowed.

Can you post 'show failover' from both ends?

Regards

Farrukh

Farrukh Haroon Tue, 11/04/2008 - 05:24

Your failover is disabled on the secondary unit. It seems you have done some misconfiguration for these two vlans:

project Interface Safeco (10.33.56.15): No Link (Waiting)

project Interface Bizzapps (10.33.60.15): Unknown (Waiting)

They should be 'Normal' if your VLANs are configured properly.

Also put the 'failover' command on the secondary box if it's not already there.

Regards

Farrukh
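The check described in the post above (every monitored interface should report 'Normal'), as an added Python example that is not part of the original thread. It assumes the line shape of the two status lines quoted in that post; the function names and the sample text are constructed for illustration.

```python
import re
from collections import Counter

# Line shape taken from the two status lines quoted in the post above:
#   <context> Interface <name> (<ip>): <status> (<monitor state>)
LINE_RE = re.compile(
    r"^\s*(?P<context>\S+)\s+Interface\s+(?P<name>\S+)\s+"
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\):\s+"
    r"(?P<status>.+?)(?:\s+\((?P<monitor>[^)]*)\))?\s*$"
)

def parse_interfaces(text):
    """Return one dict per monitored-interface line; other lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def not_normal(rows):
    """Interfaces whose failover status is anything other than 'Normal'."""
    return [r for r in rows if r["status"] != "Normal"]

def summarize(rows):
    """Count interfaces per (context, status) to spot a context-wide problem."""
    return Counter((r["context"], r["status"]) for r in rows)

# Constructed sample: the two header lines and the Safeco/Bizzapps lines are
# quoted in the thread; the 'inside' line is made up for contrast.
SAMPLE = """\
Failover Off (pseudo-Standby)
Interface Poll frequency 15 seconds
project Interface inside (10.33.50.15): Normal
project Interface Safeco (10.33.56.15): No Link (Waiting)
project Interface Bizzapps (10.33.60.15): Unknown (Waiting)
"""

if __name__ == "__main__":
    rows = parse_interfaces(SAMPLE)
    for r in not_normal(rows):
        print(f"{r['context']}/{r['name']} {r['ip']}: {r['status']} "
              f"[{r['monitor'] or '-'}] -> check that the VLAN exists, "
              "is active and is allowed on the trunk")
```
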

yogesh.suryawanshi Wed, 11/05/2008 - 02:25

Thanks for your valuable inputs.

Now it is sure where the problem is, with the above 2 interfaces...

I have gone through the configuration of the above-mentioned interfaces & VLANs. The VLAN configuration is perfectly right....

Noticed one thing: on the Primary FWSM (Admin context) the above 2 interfaces exist... but if I look in the admin context of the Secondary FWSM I do not see those interfaces..... that may be why they have a status of No Link & Unknown...

But I am wondering how it got like this... VLANs are assigned to both boxes, VLAN groups are identical... hosts on the above interfaces are accessing resources using the FWSM... which means the interfaces on the Primary are providing service & it is working...

I would appreciate it if you would help me dig out this issue...

Thanks

Yogesh

Farrukh Haroon Wed, 11/05/2008 - 03:39

Is it possible to post the configuration for the secondary box, and also the "show run | inc firewall" from both switches? Also make sure the VLANs are created on both switches and the relevant SVIs exist on the firewall.

Regards

Farrukh

Farrukh Haroon Wed, 11/05/2008 - 05:39

Please go to the secondary unit and enter the following commands:

no failover

failover

Regards

Farrukh

yogesh.suryawanshi Wed, 11/05/2008 - 05:51

Hi Farrukh,

This option looks fine.

Are these commands service affecting?

Do I have to run the write standby command after executing the above-mentioned commands?

Thanks

Yogesh

Correct Answer
Farrukh Haroon Wed, 11/05/2008 - 05:54

Yes do a 'write mem'. It seems you are missing an IP on the nattest interface and also you are missing vlans Safeco and Bizco on the secondary core switch.

Do a show vlan on the secondary switch and see if these VLANs exist and are ACTIVE!

Regards

Farrukh

yogesh.suryawanshi Fri, 11/21/2008 - 02:20

Hello Farrukh ,

The solution provided by you worked & failover started successfully without any cause to the network.......

Many many thanks for the advice...
