topic FTD HA failover scenario (No data interface monitored) in Network Security https://community.cisco.com/t5/network-security/ftd-ha-failover-scenario-no-data-interface-monitored/m-p/4512407#M1085510 <P>Hello Everyone,</P><P>&nbsp;</P><P>I have a FTD pair in HA with active standby configuration. Both peer are connected to DC switches using VPC.</P><P>&nbsp;</P><P>A direct failover and staelink is connected between both peers. We do not have any data interface monitored or standby ip configured on it. i.e. inside and ouside</P><P>&nbsp;</P><P>1) If failover link and/or statelink disconnects in this case then what would happen?&nbsp;</P><P>&nbsp;</P><P>2) if data interfaces were also being monitored with standby ip and failover link and/or statelink fails then what would happen?&nbsp;</P> Fri, 03 Dec 2021 06:58:09 GMT 00u17 2021-12-03T06:58:09Z FTD HA failover scenario (No data interface monitored) https://community.cisco.com/t5/network-security/ftd-ha-failover-scenario-no-data-interface-monitored/m-p/4512407#M1085510 <P>Hello Everyone,</P><P>&nbsp;</P><P>I have a FTD pair in HA with active standby configuration. Both peer are connected to DC switches using VPC.</P><P>&nbsp;</P><P>A direct failover and staelink is connected between both peers. We do not have any data interface monitored or standby ip configured on it. i.e. inside and ouside</P><P>&nbsp;</P><P>1) If failover link and/or statelink disconnects in this case then what would happen?&nbsp;</P><P>&nbsp;</P><P>2) if data interfaces were also being monitored with standby ip and failover link and/or statelink fails then what would happen?&nbsp;</P> Fri, 03 Dec 2021 06:58:09 GMT https://community.cisco.com/t5/network-security/ftd-ha-failover-scenario-no-data-interface-monitored/m-p/4512407#M1085510 00u17 2021-12-03T06:58:09Z Re: FTD HA failover scenario (No data interface monitored) https://community.cisco.com/t5/network-security/ftd-ha-failover-scenario-no-data-interface-monitored/m-p/4512497#M1085515 <PRE>1) If failover link and/or statelink disconnects in this case then what would happen? </PRE> <P>They become the split brain. that means both become active. (then one should manually shut down to restore the services.</P> <P>&nbsp;</P> <P>&nbsp;</P> <PRE>2) if data interfaces were also being monitored with standby ip and failover link and/or statelink fails then what would happen? </PRE> <P>Good failure scenarios are explained below :</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html</A></P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/firepower_threat_defense_high_availability.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/firepower_threat_defense_high_availability.html</A></P> Fri, 03 Dec 2021 09:29:01 GMT https://community.cisco.com/t5/network-security/ftd-ha-failover-scenario-no-data-interface-monitored/m-p/4512497#M1085515 balaji.bandi 2021-12-03T09:29:01Z