firepower HA failure

Mustapha Bassim — Wed, 13 Apr 2022 07:44:16 GMT

Hello dears

I have two FTD devices connected through FMC i had enable HA on them but the status of HA is failed one of them become active and second become failed with following error :

High availability status is intermediate

Re: firepower HA failure

Sheraz.Salim — Wed, 13 Apr 2022 08:07:56 GMT

What FMC version you on and what is the FTD version. Firepower Threat Defense devices in a high availability configuration must have the same licenses. Here

could you log into FTDs and give command show high-availability config

Re: firepower HA failure

Mustapha Bassim — Wed, 13 Apr 2022 08:14:59 GMT

hello dear

for FMC 7.0.1.1

and for FTD 7.0.1.1

and this the output

Failover On
Failover unit Secondary
Failover LAN Interface: HAlink Ethernet1/11 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 2 of 1293 maximum
MAC Address Move Notification Interval not set
failover replication http
Version: Ours 9.16(2)5, Mate 9.16(2)5
Serial Number: Ours JAD260412UE, Mate JAD26030HBS
Last Failover at: 10:07:18 UTC Apr 7 2022
This host: Secondary - Failed
Active time: 0 (sec)
slot 0: FPR-2130 hw/sw rev (1.5/9.16(2)5) status (Up Sys)
Interface outside-1 (0.0.0.0): No Link (Waiting)
Interface vlan11 (0.0.0.0): Normal (Not-Monitored)
Interface vlan20 (0.0.0.0): Normal (Not-Monitored)
Interface vlan21 (0.0.0.0): Normal (Not-Monitored)
Interface vlan22 (0.0.0.0): Normal (Not-Monitored)
Interface vlan25 (0.0.0.0): Normal (Not-Monitored)
Interface diagnostic (0.0.0.0): Normal (Waiting)
slot 1: snort rev (1.0) status (up)
slot 2: diskstatus rev (1.0) status (up)
Other host: Primary - Active
Active time: 3104 (sec)
slot 0: FPR-2130 hw/sw rev (1.5/9.16(2)5) status (Up Sys)
Interface outside-1 (100.64.0.2): Normal (Waiting)
Interface vlan11 (10.0.0.209): Normal (Not-Monitored)
Interface vlan20 (100.65.0.241): Normal (Not-Monitored)
Interface vlan21 (100.66.0.1): Normal (Not-Monitored)
Interface vlan22 (100.66.0.129): Normal (Not-Monitored)
Interface vlan25 (100.65.0.225): Normal (Not-Monitored)
Interface diagnostic (0.0.0.0): Normal (Waiting)
slot 1: snort rev (1.0) status (up)
slot 2: diskstatus rev (1.0) status (up)

Stateful Failover Logical Update Statistics
Link : StateLink Ethernet1/12 (up)
Stateful Obj xmit xerr rcv rerr
General 393 0 1078 0
sys cmd 393 0 393 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 162 0
UDP conn 0 0 274 0
ARP tbl 0 0 247 0
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKEv1 SA 0 0 0 0
VPN IKEv1 P2 0 0 0 0
VPN IKEv2 SA 0 0 0 0
VPN IKEv2 P2 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 0 0 0 0
SIP Tx 0 0 0 0
SIP Pinhole 0 0 0 0
Route Session 0 0 0 0
Router ID 0 0 0 0
User-Identity 0 0 1 0
CTS SGTNAME 0 0 0 0
CTS PAC 0 0 0 0
TrustSec-SXP 0 0 0 0
IPv6 Route 0 0 0 0
STS Table 0 0 0 0
Rule DB B-Sync 0 0 1 0
Rule DB P-Sync 0 0 0 0
Rule DB Delete 0 0 0 0

Logical Update Queue Information
Cur Max Total
Recv Q: 0 5 5645
Xmit Q: 0 1 393

Re: firepower HA failure

Sheraz.Salim — Wed, 13 Apr 2022 08:30:51 GMT

Could you please show a command show failover history detail

topic firepower HA failure in Network Security

firepower HA failure

Re: firepower HA failure

Re: firepower HA failure

Re: firepower HA failure