Filter
Top Products
67-13
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 67 Configuring Active/Active Failover
Configuring Active/Active Failover
Note When configuring Active/Active failover, make sure that the combined traffic for both units is within the
capacity of each unit.
Fields
• Failover Groups—Lists the failover groups currently defined on the ASA.
–
Group Number—Specifies the failover group number. This number is used when assigning
contexts to failover groups.
–
Preferred Role—Specifies the unit in the failover pair, primary or secondary, on which the
failover group appears in the active state when both units start up simultaneously or when the
preempt option is specified. You can have both failover groups be in the active state on a single
unit in the pair, with the other unit containing the failover groups in the standby state. However,
a more typical configuration is to assign each failover group a different role preference to make
each one active on a different unit, balancing the traffic across the devices.
–
Preempt Enabled—Specifies whether the unit that is the preferred failover device for this
failover group should become the active unit after rebooting.
–
Preempt Delay—Specifies the number of seconds that the preferred failover device should wait
after rebooting before taking over as the active unit for this failover group. The range is between
0 and 1200 seconds.
–
Interface Policy—Specifies either the number of monitored interface failures or the percentage
of failures that are allowed before the group fails over. The range is between 1 and 250 failures
or 1 and 100 percent.
–
Interface Poll Time—Specifies the amount of time between polls among interfaces. The range
is between 1 and 15 seconds.
–
Replicate HTTP—Identifies whether Stateful Failover should copy active HTTP sessions to the
standby firewall for this failover group. If you do not allow HTTP replication, then HTTP
connections are disconnected at failover. Disabling HTTP replication reduces the amount of
traffic on the state link. This setting overrides the HTTP replication setting on the Setup tab.
• Add—Displays the Add Failover Group dialog box. This button is only enabled if less than 2
failover groups exist. See the “Add/Edit Failover Group” section on page 67-13 for more
information.
• Edit—Displays the Edit Failover Group dialog box for the selected failover group. See the “Add/Edit
Failover Group” section on page 67-13 for more information.
• Delete—Removes the currently selected failover group from the failover groups table. This button
is only enabled if the last failover group in the list is selected.
Add/Edit Failover Group
Use the Add/Edit Failover Group dialog box to define failover groups for an Active/Active failover
configuration.
Fields
• Preferred Role—Specifies the unit in the failover pair, primary or secondary, on which the failover
group appears in the active state. You can have both failover groups be in the active state on a single
unit in the pair, with the other unit containing the failover groups in the standby state. However, a
more typical configuration is to assign each failover group a different role preference to make each
one active on a different unit, balancing the traffic across the devices.