Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

firewall failover

Friends,

here is the setup :

firewall1- Standby(failed)

firewall2- Active

these are firewall modules. out of some reason(which i need to find) , primary module suddenly stopped responding and failed over seemlessly to the secondary making it the active.( Switch fabrics remain in normal state with no hsrp failover).

I need to reload the now failed module. the only way i see is to reset module within switch fabric.this brings me to some doubts:

1. would the now active(fw2) go back to secondary state if failed module(fw1) is reset ( i.e. would fw1 become active again)

2. will this cause a disruption in traffic flow, if so what is the expected duration

3. all the interfaces on the failed one show as not monitored, apart from physical issues, is there anything else we need to look upon

Appreciate all your help on this.

Thanks in Advance.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: firewall failover

When you bring up the failed module, it will stay as the seconday

The only time a failed module will preempt it when you are using acti/active with preempt enable. In your case you are using active/standby.

Franco

3 REPLIES

Re: firewall failover

When you bring up the failed module, it will stay as the seconday

The only time a failed module will preempt it when you are using acti/active with preempt enable. In your case you are using active/standby.

Franco

New Member

Re: firewall failover

thanks, if i do a no failover active, will the current fw1 become active.

Re: firewall failover

Yes.

The "no failover active" command you can run on the active unit to Force a failover to the standby unit in your case which is now the fw1

204
Views
4
Helpful
3
Replies
CreatePlease to create content