67-14
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 67 Configuring Active/Active Failover
Configuring Active/Active Failover
• Preempt after booting with optional delay of—Checking this check box causes the unit that is the
preferred failover device for a failover group to become the active unit after rebooting. Checking
this check box also enables the Preempt after booting with optional delay of field in which you can
specify a period of time that the device should wait before becoming the active unit.
• Preempt after booting with optional delay of—Specifies the number of seconds that a unit should
wait after rebooting before taking over as the active unit for any failover groups for which it is the
preferred failover device. The range is between 0 and 1200 seconds.
• Interface Policy—Contains the fields for defining the policy for failover when monitoring detects
an interface failure. These settings override any interface policy settings on the Criteria tab.
–
Number of failed interfaces that triggers failover—When the number of failed monitored
interfaces exceeds the value you set with this command, then the ASA fails over. The range is
between 1 and 250 failures.
–
Percentage of failed interfaces that triggers failover—When the number of failed monitored
interfaces exceeds the percentage you set with this command, then the ASA fails over.
• Poll time interval for monitored interfaces—The amount of time between polls among interfaces.
The range is between 1 and 15 seconds.
• Enable HTTP replication—Checking this check box enables Stateful Failover to copy active HTTP
sessions to the standby firewall. If you do not allow HTTP replication, then HTTP connections are
disconnected at failover. Disabling HTTP replication reduces the amount of traffic on the state link.
This setting overrides the HTTP replication setting on the Setup tab.
• MAC Addresses—Lists physical interfaces on the ASA for which an active and standby virtual
MAC address has been configured.
–
Physical Interface—Displays the physical interface for which failover virtual MAC addresses
are configured.
–
Active MAC Address—Displays the MAC address for the interface and failover group on the
unit where the failover group is active.
–
Standby MAC Address—Displays the MAC address for the interface and failover group on the
unit where the failover group is in the standby state.
• Add—Displays the Add Interface MAC Address dialog box. You cannot assign virtual MAC
addresses to the LAN failover and Stateful Failover interfaces. See the “Add/Edit Interface MAC
Address” section on page 67-14 for more information.
• Edit—Displays the Edit Interface MAC Address dialog box for the selected interface. See the
“Add/Edit Interface MAC Address” section on page 67-14 for more information.
• Delete—Removes the currently selected interface from the MAC addresses table. There is no
confirmation or undo.
Add/Edit Interface MAC Address
Use the Add/Edit Interface MAC Address dialog box to define the active and standby virtual MAC
addresses for the interfaces in a failover group. If you do not specify a virtual MAC address for an
interface, the interface is given a default virtual MAC address as follows:
• Active unit default MAC address: 00a0.c9physical_port_number.failover_group_id01.
• Standby unit default MAC address: 00a0.c9:physical_port_number.failover_group_id02.