Hi All,
I am working with 2 ASA 5520 with AIP-SSM-10 installed in both. My goal is to check the failover timer settings so that failover triggers without much delay.
While testing failover, source connected to inside interface of firewall is continuously pinging the destination on the outside of Firewall.
On Primary (active) firewall, I have issued a command "no active failover", which makes the secondary (standby) firewall to become active. Keeping an eye on the continuous ping I found that prior the secondary (previously standby firewall) takes a role of active firewall there were 3 Request Timed Outs.
In order to decrease the time taken for failover to trigger, I have issued command in configuration mode "failover polltime 1 holdtime 5" and observed only 1 Request Timed Out. So I got the result which was needed.
Moving on, the failover test was conducted by shutting down the AIP-SSM module. As expected, shutting down the AIP-SSM module triggered the failover, but I have observed 3 Request Timed Out in continuous ping operation.
Depending on the above scenario, I have following questions.
Q1: Is it possible to decrease the amount of time it takes to trigger the failover when AIP-SSM module fails?
Q2: Changing the polltime in firewall doesnot have any effect on AIP-SSM failure?
Q3: Will the command "failover polltime unit 1 holdtime 5" in configuration mode change the amount of time to trigger the failover, even when AIP-SSM module fails?
I would really appreciate if anyone can help me.
Thank you,
Nagabhushan
