Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

IPS upgrade at ASA Failover Scenario

Hi guys. We have the following scenario.

Two ASA 5520 in failover, as active/standby, and each ASA has a IPS ASA-SSM-20.

Well, the issue is , when we upgraded the ASA-SSM-20 intalled on Primary (Active) ASA from 5.1.5(E1) to 6.0(1) version, when we reloaded the IPS Module, the secundary ASA became Active.

Is it possible, that the ASA monitoring the IPS Module as a common interface.

I think that the ASA do not to change its failover status because we reloaded the IPS Module.

When we upgraded the IPS Module at the secundary ASA, the issue were the same, and the ASA primary (at this point as standby ready, after the IPS Module comes back online) becames as active.

Thanks in advance!!!


Re: IPS upgrade at ASA Failover Scenario

Your ASAs should failover like you explained if your module becomes unavailable (rebooted). This is normal behavior.

New Member

Re: IPS upgrade at ASA Failover Scenario

10 year old thread but here goes:

The module health is part of what the ASAs use to determine overall health (and which firewall should therefore be active).  The way I do this is upgrade the module in the standby firewall first and reboot it.  No failover happens because active remains more healthy and stays active.   Then once it's up and healthy I shut down the module in the standby device (hw module module 1 shutdown, or sw module).  Then I upgrade the module in the active firewall and let it reboot.   Again no failover happens because the standby device's module is down, so the active is either MORE healthy or EQUALLY healthy.  Then once the active module is up and healthy I log into the standby and tell it to reset the module so that it will come up and both active and standby have healthy upgraded modules.  

CreatePlease to create content