Filter
Top Products
15-29
Cisco ASDM User Guide
OL-16647-01
Chapter 15 High Availability
Field Information for the Failover Panes
Failover > Active/Active Tab
Use this tab to enable Active/Active failover on the security appliance by defining failover groups. In an
Active/Active failover configuration, both security appliances pass network traffic. Active/Active
failover is only available to security appliances in multiple mode.
A failover group is simply a logical group of security contexts. You can create two failover groups on
the security appliance. You must create the failover groups on the active unit in the failover pair. The
admin context is always a member of failover group 1. Any unassigned security contexts are also
members of failover group 1 by default.
Note When configuring Active/Active failover, make sure that the combined traffic for both units is within the
capacity of each unit.
Fields
• Failover Groups—Lists the failover groups currently defined on the security appliance.
–
Group Number—Specifies the failover group number. This number is used when assigning
contexts to failover groups.
–
Preferred Role—Specifies the unit in the failover pair, primary or secondary, on which the
failover group appears in the active state when both units start up simultaneously or when the
preempt option is specified. You can have both failover groups be in the active state on a single
unit in the pair, with the other unit containing the failover groups in the standby state. However,
a more typical configuration is to assign each failover group a different role preference to make
each one active on a different unit, balancing the traffic across the devices.
–
Preempt Enabled—Specifies whether the unit that is the preferred failover device for this
failover group should become the active unit after rebooting.
–
Preempt Delay—Specifies the number of seconds that the preferred failover device should wait
after rebooting before taking over as the active unit for this failover group. The range is between
0 and 1200 seconds.
–
Interface Policy—Specifies either the number of monitored interface failures or the percentage
of failures that are allowed before the group fails over. The range is between 1 and 250 failures
or 1 and 100 percent.
–
Interface Poll Time—Specifies the amount of time between polls among interfaces. The range
is between 1 and 15 seconds.
–
Replicate HTTP—Identifies whether Stateful Failover should copy active HTTP sessions to the
standby firewall for this failover group. If you do not allow HTTP replication, then HTTP
connections are disconnected at failover. Disabling HTTP replication reduces the amount of
traffic on the state link. This setting overrides the HTTP replication setting on the Setup tab.
• Add—Displays the Add Failover Group dialog box. This button is only enabled if less than 2
failover groups exist. See Add/Edit Failover Group for more information.
• Edit—Displays the Edit Failover Group dialog box for the selected failover group. See Add/Edit
Failover Group for more information.
• Delete—Removes the currently selected failover group from the failover groups table. This button
is only enabled if the last failover group in the list is selected.
Modes
The following table shows the modes in which this feature is available: