interface shutdown in firewall

suthomas1 — Mon, 11 Mar 2019 19:50:24 GMT

if one out of few interface , monitored under failover, is shutdown on the primary firewall, what impact will it cause with failover of devices.

how will the connection be regained in such case.

thank you.

Re: interface shutdown in firewall

Jennifer Halim — Mon, 14 Feb 2011 22:45:55 GMT

By default, when 1 out of the few ASA "monitored" interfaces are shutdown, it will failover to the standby unit within 5 seconds.

You can check which interfaces are monitored by issueing the "show monitor-interface" command, as not all interfaces are possibly configured to be monitored. ASA will only detect failure on "monitored" interfaces and if failure occurs on interface that is not being monitored, failover will not occur.

You can also change the policy on when failover occurs with the command: failover interface-policy [num/%]

You can configure it in such a way that only when 2 out of the 5 monitored interfaces are down to trigger the failover. However, if you are happy with the default of 1 monitored interface failure, then just leave it as default.

Here is the configuration guide for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/ha_active_standby.html#wp1116789

Here is the failover default times for different failures for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/ha_overview.html#wp1079158

Hope this helps.

topic interface shutdown in firewall in Network Security

interface shutdown in firewall

Re: interface shutdown in firewall