Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4668
Views
4
Helpful
4
Replies

not monitored interface on firewall

Go to solution
suthomas1
Level 6
Level 6

‎11-09-2009 08:21 AM - edited ‎03-11-2019 09:38 AM

output to view failover status gives "not monitored" states on the available interface although all of the interfaces are up & passing traffic. same is the case with other unit.

Please advise how to deal with this.

Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10
In response to suthomas1

‎11-10-2009 01:17 PM

Sunny,

in your primary asa issue:

monitor-interface Zone1

monitor-interface Zone2

- wait few seconds , then issue "show failover" monitor status on the interfaces should be normal

Regards

Jorge Rodriguez

View solution in original post

0 Helpful
4 Replies 4

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10

‎11-09-2009 12:24 PM

Can you post the actual output of show failover from primary-active fw.

if your firewall logical interfaces have the (no monitored) output by defaul logical interfaces are not monitored thus you will need to issue from the active firewall monitor-interface nameif .

asa(config)#monitor-interface

Regards

Jorge Rodriguez
0 Helpful

Go to solution
suthomas1
Level 6
Level 6
In response to JORGE RODRIGUEZ

‎11-10-2009 03:46 AM

Sh failov with values changed:

Interface Zone1 (10.11.2.3): Normal (Not-Monitored)

Zone2 (10.12.3.4): Normal (Not-Monitored)

There is no problem in passing traffic across these firewalls.

failover

failover lan unit primary

failover preempt 120

failover lan interface Failover Vlan155

failover link Stateful_Link Vlan154

failover interface ip Failover 10.2.155.251 255.255.255.252 standby 10.2.155.250

failover interface ip Stateful_Link 10.2.155.249 255.255.255.252 standby 10.2.155.248

0 Helpful

Go to solution
francisco_1
Level 7
Level 7
In response to suthomas1

‎11-10-2009 04:04 AM

In order to enable health monitoring on a specific interface, use the monitor-interface command in global configuration mode: monitor-interface

Even if you are not monitoring an interface, the interface will still pass data traffic!

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10
In response to suthomas1

‎11-10-2009 01:17 PM

Sunny,

in your primary asa issue:

monitor-interface Zone1

monitor-interface Zone2

- wait few seconds , then issue "show failover" monitor status on the interfaces should be normal

Regards

Jorge Rodriguez
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card