FWSM Failover

Unanswered Question
Jul 16th, 2009
User Badges:


I have a question regarding FWSM failover. I was reading the documentation and it said that hellos are sent out over the failover link as well as all the interfaces. If any of the interfaces goes down the firewall is declaired down???

what is the concept of monitor-interface then? I am confussed please help.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Kureli Sankar Thu, 07/16/2009 - 19:29
User Badges:
  • Cisco Employee,

You can read about monitor-interface command here:


What you read is correct. Hello messages are sent over the failover link as well as other interfaces.

Both units keep a check on the other. If at any time one unit ends up less healthy (less interfaces up or other hardware failure) then, the healthier of the two will take over as the active unit.

NAVIN PARWAL Thu, 07/16/2009 - 20:09
User Badges:

if that is the case ( firewalls monitoring each other to see who is healthy based on interface status then why do we need monitor-interface command?


This Discussion