https://community.cisco.com/t5/network-security/https-connection-during-stateful-failover/m-p/3738605#M132763 <P>according to the cisco asa, all in one firewall bk - the stateful failover does not replicate http-based connections by default as they can add considerable load on the asa if the traffic is a lot.</P> <P>regards</P> <P>azam</P> Sun, 04 Nov 2018 00:33:42 GMT mkazam001 2018-11-04T00:33:42Z https://community.cisco.com/t5/network-security/https-connection-during-stateful-failover/m-p/3706424#M132758 <P>If 2 ASAs are setup in HA w/ stateful failover enabled and a failover occurs, do all https connections need to be re-established?&nbsp; The bulk of the connections would be via the outside interface facing servers, while a smaller set would be via OSPF learned networks.&nbsp; Here's the failover configuration from the ASA:</P> <P>&nbsp;</P> <P>failover<BR />failover lan unit secondary<BR />failover lan interface failover GigabitEthernet1/8<BR />failover key mykey<BR />failover polltime unit 5 holdtime 30<BR />failover replication http<BR />failover link failover GigabitEthernet1/8<BR />failover interface ip failover 172.16.252.254 255.255.255.0 standby 172.16.252.250</P> Tue, 12 Mar 2019 11:10:58 GMT https://community.cisco.com/t5/network-security/https-connection-during-stateful-failover/m-p/3706424#M132758 mumbles202 2019-03-12T11:10:58Z https://community.cisco.com/t5/network-security/https-connection-during-stateful-failover/m-p/3706474#M132759 <P>Hello,</P> <P>&nbsp;</P> <P>You have stateful failover configured and hence all TCP connections will survive the failover if it happens.</P> <P>The endpoint applications would not know a difference and there might be a dup ack or retransmission packets which will be a normal TCP scenario and the user running the application would not notice any difference.</P> <P>&nbsp;</P> <P>Regarding the Dynamic routing protocols, the routes are updated to standby unit and hence the disruption is minimal, all this is clearly documented in the below document, please refer to the 'Supported Features' Section:</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/general/asa-97-general-config/ha-failover.html#ID-2107-000000f0" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/general/asa-97-general-config/ha-failover.html#ID-2107-000000f0</A></P> <P>&nbsp;</P> <P>HTH</P> <P>AJ</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 13 Sep 2018 17:11:58 GMT https://community.cisco.com/t5/network-security/https-connection-during-stateful-failover/m-p/3706474#M132759 Ajay Saini 2018-09-13T17:11:58Z https://community.cisco.com/t5/network-security/https-connection-during-stateful-failover/m-p/3707122#M132760 <P>Thanks.&nbsp; I thought that would be the case with HTTP connections, wasn't sure about HTTPS.&nbsp; I read the note about the OSPF learned routes as well.</P> Fri, 14 Sep 2018 13:32:08 GMT https://community.cisco.com/t5/network-security/https-connection-during-stateful-failover/m-p/3707122#M132760 mumbles202 2018-09-14T13:32:08Z https://community.cisco.com/t5/network-security/https-connection-during-stateful-failover/m-p/3712444#M132761 <P>Can anyone confirm the same holds true for https connections?&nbsp;&nbsp;</P> Mon, 24 Sep 2018 20:37:25 GMT https://community.cisco.com/t5/network-security/https-connection-during-stateful-failover/m-p/3712444#M132761 mumbles202 2018-09-24T20:37:25Z https://community.cisco.com/t5/network-security/https-connection-during-stateful-failover/m-p/3712453#M132762 <P>Ajay has replied that all tcp connections will survive the failover. HTTPS is part tcp.</P> Mon, 24 Sep 2018 20:55:05 GMT https://community.cisco.com/t5/network-security/https-connection-during-stateful-failover/m-p/3712453#M132762 slicerpro 2018-09-24T20:55:05Z https://community.cisco.com/t5/network-security/https-connection-during-stateful-failover/m-p/3738605#M132763 <P>according to the cisco asa, all in one firewall bk - the stateful failover does not replicate http-based connections by default as they can add considerable load on the asa if the traffic is a lot.</P> <P>regards</P> <P>azam</P> Sun, 04 Nov 2018 00:33:42 GMT https://community.cisco.com/t5/network-security/https-connection-during-stateful-failover/m-p/3738605#M132763 mkazam001 2018-11-04T00:33:42Z