Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
658
Views
0
Helpful
3
Replies

ASA-5525 with sfr module Failover

Go to solution
sifathmirza
Beginner
Beginner

‎10-12-2016 10:30 PM - edited ‎03-12-2019 01:23 AM

 Hi all,

I have ASA-5525  with sfr module running as active/standby, sfr is managed by ASDM.
1. Can i take both sfr modules ip address as same or different ? (managed by ASDM) (i guess same)
2. If iam using firepower management center then how can i take ip addree for sfr ? same or different. (i guess different)
3. can i use firepower in context mode.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎10-13-2016 11:40 AM

Hi there! My answers below:

1. No, each SFR module needs to have its own unique IP address. The SFR modules do not understand the concept of active/standby. They are independent and as a result, each module needs to be licensed and configured. Thus, it is important that the configurations that you are pushing to the SFR modules are identical. 

2. The same as #1. Each SFR module will have its own IP address

3. Yes, multi-context mode is supported. However, the actual SFR modules are not/cannot be split into different contexts. The modules are shared between all of the contexts and separate sfr policies can be applied to different contexts.

I hope this helps!

Thank you for rating helpful posts!

View solution in original post

0 Helpful
3 Replies 3

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎10-13-2016 11:40 AM

Hi there! My answers below:

1. No, each SFR module needs to have its own unique IP address. The SFR modules do not understand the concept of active/standby. They are independent and as a result, each module needs to be licensed and configured. Thus, it is important that the configurations that you are pushing to the SFR modules are identical. 

2. The same as #1. Each SFR module will have its own IP address

3. Yes, multi-context mode is supported. However, the actual SFR modules are not/cannot be split into different contexts. The modules are shared between all of the contexts and separate sfr policies can be applied to different contexts.

I hope this helps!

Thank you for rating helpful posts!

0 Helpful

Go to solution
ABhamra
Beginner
Beginner
In response to nspasov

‎08-12-2022 09:17 AM

Hi Nspasov,

On the same line , if one ASA 5515/25 have SFR module installed and another ASA is missing that module, Can these ASA still form failover/HA  ?

If not, if we disable /remove sfr (hope that is possible)---can we configure fail-over with out issues ?

 

 

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame Community Legend Hall of Fame Community Legend
Hall of Fame Community Legend
In response to ABhamra

‎08-12-2022 09:54 AM

@ABhamra this thread is almost 6 years old and @nspasov has left Cisco. (Hi Neno!)

You can form a HA pair with devices as you describe if you simply uninstall the sfr software module on the ASA that currently has it.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents