pix 535 failure issue on active atanby configuration while adding interface card

Answered Question
Apr 8th, 2010

for my one of the setup i have two pix 535 configured in active -standby mode .i want to insert the interface card on both of the firewalll without disturbing any services or rather you can say zero downtime

but acoording to the documents i suspect i could acheive it .

help me  how can i acheive the above

i am thinking first i will change interface card on standby then i will go with active but the problem i suspect after finishing  addition of the card card in standby the failover should have issue as the number of the interfaces could not match on both firewall .so i also suspect i can make the standby to be active forcefully

pls suggest how should i go

I have this problem too.
0 votes
Correct Answer by Kureli Sankar about 6 years 8 months ago

As you already guessed this is not possible.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_overview.html#wp1077521

Pls. refer the above link.  Failover will disable itself when one unit has extra module that the other one doesn't.

Best option is to reload both of them at the same time or shut the sec/standby down, get the card in and get it ready. Then shut the pri/active unit down and fireup the sec/standby unit so it will come up sec/act. Then put the card back in the pri/act unit and fire it back up and it will come up as pri/standby.

You will definitely have a min. of 10-15 min. downtime until the unit reboots.

-KS

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Kureli Sankar Thu, 04/08/2010 - 19:09

As you already guessed this is not possible.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_overview.html#wp1077521

Pls. refer the above link.  Failover will disable itself when one unit has extra module that the other one doesn't.

Best option is to reload both of them at the same time or shut the sec/standby down, get the card in and get it ready. Then shut the pri/active unit down and fireup the sec/standby unit so it will come up sec/act. Then put the card back in the pri/act unit and fire it back up and it will come up as pri/standby.

You will definitely have a min. of 10-15 min. downtime until the unit reboots.

-KS

Actions

This Discussion