Solved: not monitored interface on firewall

suthomas1 · ‎11-09-2009

output to view failover status gives "not monitored" states on the available interface although all of the interfaces are up & passing traffic. same is the case with other unit.

Please advise how to deal with this.

Thanks!

JORGE RODRIGUEZ · ‎11-10-2009

Sunny,

in your primary asa issue:

monitor-interface Zone1

monitor-interface Zone2

- wait few seconds , then issue "show failover" monitor status on the interfaces should be normal

Regards

Jorge Rodriguez

View solution in original post

JORGE RODRIGUEZ · ‎11-09-2009

Can you post the actual output of show failover from primary-active fw.

if your firewall logical interfaces have the (no monitored) output by defaul logical interfaces are not monitored thus you will need to issue from the active firewall monitor-interface nameif .

asa(config)#monitor-interface

Regards

Jorge Rodriguez

suthomas1 · ‎11-10-2009

Sh failov with values changed:

Interface Zone1 (10.11.2.3): Normal (Not-Monitored)

Zone2 (10.12.3.4): Normal (Not-Monitored)

There is no problem in passing traffic across these firewalls.

failover

failover lan unit primary

failover preempt 120

failover lan interface Failover Vlan155

failover link Stateful_Link Vlan154

failover interface ip Failover 10.2.155.251 255.255.255.252 standby 10.2.155.250

failover interface ip Stateful_Link 10.2.155.249 255.255.255.252 standby 10.2.155.248

francisco_1 · ‎11-10-2009

In order to enable health monitoring on a specific interface, use the monitor-interface command in global configuration mode: monitor-interface

Even if you are not monitoring an interface, the interface will still pass data traffic!

JORGE RODRIGUEZ · ‎11-10-2009

Sunny,

in your primary asa issue:

monitor-interface Zone1

monitor-interface Zone2

- wait few seconds , then issue "show failover" monitor status on the interfaces should be normal

Regards

Jorge Rodriguez