FWSM Failover

Unanswered Question
Jul 16th, 2009

Folks,

I have a question regarding FWSM failover. I was reading the documentation and it said that hellos are sent out over the failover link as well as all the interfaces. If any of the interfaces goes down the firewall is declaired down???

what is the concept of monitor-interface then? I am confussed please help.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Kureli Sankar Thu, 07/16/2009 - 19:29

You can read about monitor-interface command here:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/command/reference/m.html#wp1701962

What you read is correct. Hello messages are sent over the failover link as well as other interfaces.

Both units keep a check on the other. If at any time one unit ends up less healthy (less interfaces up or other hardware failure) then, the healthier of the two will take over as the active unit.

NAVIN PARWAL Thu, 07/16/2009 - 20:09

if that is the case ( firewalls monitoring each other to see who is healthy based on interface status then why do we need monitor-interface command?

Actions

This Discussion