Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Active/active failover in FWSM - silly question

Hello

I have two 6500 switches, each with a FWSM running OS version 3.1(4).

I configured active/standby failover, followed by active/active failover. The configs for both types of failover look very similar. The only additions for active/active seem to be

! context system

failover group 1

primary

admin-context admin

context admin

join-failover-group 1

context abc

join-failover-group 1

Is this all? Results displayed by the "show failover" command also look very similar. There is nothing to indicate an active/active configuration or active/standby. Is there a simple way to be 100% sure what type of failover is configured?

Thank you,

Cristian

File with "show failover" results as attachment

2 REPLIES
jim
New Member

Re: Active/active failover in FWSM - silly question

You need to configure a second group which the secondary fwsm will be a primary.

#blade 1

Failover group 1

failover group 2

secondary

#blade 2

failover group 2

failover group 1

secondary

#sho failover

Failover On

Failover unit Secondary

Failover LAN Interface: FAILOVER Management0/0 (up) Unit Poll frequency 1 seconds, holdtime 15 seconds Interface Poll frequency 5 seconds, holdtime 25 seconds Interface Policy 1 Monitored Interfaces 3 of 250 maximum

Version: Ours 7.2(2), Mate 7.2(2)

Group 1 last failover at: 06:49:56 EST Jan 8 2007 Group 2 last failover at: 06:49:56 EST Jan 8 2007

This host: Secondary

Group 1 State: Active

Active time: 414641 (sec)

Group 2 State: Active

Active time: 70040 (sec)

slot 0: ASA5510 hw/sw rev (1.1/7.2(2)) status (Up Sys)

admin Interface outside (12.109.107.5): Normal

admin Interface inside (172.16.0.5): Normal

admin Interface DMZ (10.0.0.1): Normal

admin Interface management (172.16.255.51): Normal (Not-Monito

red)

slot 1: ASA-SSM-10 hw/sw rev (1.0/5.0(2)S152.0) status

(Up/Up)

IPS, 5.0(2)S152.0, Up

Other host: Primary

Group 1 State: Standby Ready

Active time: 0 (sec)

Group 2 State: Standby Ready

Active time: 0 (sec)

slot 0: ASA5510 hw/sw rev (1.1/7.2(2)) status (Up Sys)

admin Interface outside (12.109.107.24): Normal

admin Interface inside (172.16.0.24): Normal

admin Interface DMZ (10.0.0.2): Normal

admin Interface management (0.0.0.0): Normal

(Not-Monitored)

slot 1: ASA-SSM-10 hw/sw rev (1.0/5.1(1)S205.0) status

(Up/Up)

IPS, 5.1(1)S205.0, Up

Stateful Failover Logical Update Statistics

Link : FAILOVER Management0/0 (up)

Stateful Obj xmit xerr rcv rerr

General 105117 0 62565 0

sys cmd 55988 0 55988 0

up time 0 0 0 0

RPC services 0 0 0 0

TCP conn 2725 0 6299 0

UDP conn 32 0 0 0

ARP tbl 46372 0 278 0

Xlate_Timeout 0 0 0 0

Logical Update Queue Information

Cur Max Total

Recv Q: 0 1 62565

Xmit Q: 0 1 105117

New Member

Re: Active/active failover in FWSM - silly question

Thank you, Jim

So, the active/active configuration means that each firewall can be primary for one context, and secondary for another context. It's just an active/standby config, but the primary and secondary roles can be allocated to firewalls per context.

I expected a different behavior, the active/active designation seemed to indicate that both firewalls can process traffic for the same context at the same time.

Thank you,

Cristian

762
Views
0
Helpful
2
Replies
CreatePlease login to create content