Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

HA state progression failed


I have a pair of firewall 5520 which is running 8.2(5) image.

Recently I am facing the "HA state progression failed" failover issue in the secondary unit which forces the secondary unit to failover disabled stage.


Any body have idea why it is happening.

Both firewalls are directly connected. for the troubleshooting purposed I had changed the failover cable and other cables of secondary unit as well. this incident happened three times in last two three week. i had not done any changes regarding the failover concern.


some outputs Running config
interface Management0/0
 description LAN Failover Interface

failover lan unit secondary
failover lan interface lan_fail Management0/0
failover key *****
failover interface ip lan_fail standby


------------------ show failover ------------------

Failover Off (pseudo-Standby)
Failover unit Secondary
Failover LAN Interface: lan_fail Management0/0 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 160 maximum

------------------ show failover history ------------------

From State                 To State                   Reason
Not Detected               Negotiation                No Error

Negotiation                Cold Standby               Detected an Active mate

Cold Standby               Disabled                   HA state progression failed


show failover state

               State          Last Failure Reason      Date/Time
This host  -   Secondary
               Disabled       None
Other host -   Primary
               Not Detected   None

====Configuration State===
====Communication State===




Cisco Employee

Hi , Kindly provide below

Hi ,

 Kindly provide below outputs  and verify is there is any crash on secondary ASA.

sh failover history  ( complete output from Primary and secondary )

sh version  ( primary and secondary )



Prashant Joshi






Community Member

Hi,Both firewall have the


Both firewall have the same IOS, License , hardware. it was working smooth from last 1,2 yrs

Also u i had shared the show failover history from secondary unit, From Primary it dont effect any because fail-over didn't happened.

have a pair of firewall 5520 which is running 8.2(5) image

I am wondering if you might

I am wondering if you might be running into this bug:


Please remember to select a correct answer and rate helpful posts


Please remember to rate and select a correct answer
Cisco Employee

Hi,I asked those outputs to


I asked those outputs to check uptime on your secondary  ASA, because I suspect your secondary firewall crashed and caused this issue.

I asked "failover history" output from Primary to see all the past  failover activities.



Prashant Joshi






Community Member

Dear PrashantI want to apply

Dear Prashant

I want to apply license to increase security context in FWSM which is running in Active-Active mode on VSS Core switches

As per below document, first we need to disable failover by entering 'no failover' command on active FWSM and then apply the license seperately on both FWSM.

I just want to know when i will disable the failover then standby move to pseudo-standby state. 

Will there be any services impact which are running behind the FWSM when disbaling the failover and then re-enabling the failover.


Appreciate your response.

CreatePlease to create content