Solved: firewall failover

suthomas1 · ‎02-18-2010

Friends,

here is the setup :

firewall1- Standby(failed)

firewall2- Active

these are firewall modules. out of some reason(which i need to find) , primary module suddenly stopped responding and failed over seemlessly to the secondary making it the active.( Switch fabrics remain in normal state with no hsrp failover).

I need to reload the now failed module. the only way i see is to reset module within switch fabric.this brings me to some doubts:

1. would the now active(fw2) go back to secondary state if failed module(fw1) is reset ( i.e. would fw1 become active again)

2. will this cause a disruption in traffic flow, if so what is the expected duration

3. all the interfaces on the failed one show as not monitored, apart from physical issues, is there anything else we need to look upon

Appreciate all your help on this.

Thanks in Advance.

francisco_1 · ‎02-18-2010

When you bring up the failed module, it will stay as the seconday

The only time a failed module will preempt it when you are using acti/active with preempt enable. In your case you are using active/standby.

Franco

View solution in original post

francisco_1 · ‎02-18-2010

When you bring up the failed module, it will stay as the seconday

The only time a failed module will preempt it when you are using acti/active with preempt enable. In your case you are using active/standby.

Franco

suthomas1 · ‎02-18-2010

thanks, if i do a no failover active, will the current fw1 become active.

francisco_1 · ‎02-18-2010

Yes.

The "no failover active" command you can run on the active unit to Force a failover to the standby unit in your case which is now the fw1