ASA Fail over

Mohamed Kabeer S · ‎08-05-2014

Hi Team,

Can anyone answer below simple question. I am new to security level please assist me regards this

For active and passive failover configured firewall,

1.What about the default timer?

2.If active device exit hold down timer, then passive will comes up. After that if active device comes up, then which one play as active asa.

3.failover mainly based on which category?

Thanks and Regards,

Mohamed kabeer.S

nkarthikeyan · ‎08-05-2014

Hi,

Please find my answers.

1.What about the default timer?

Health check and monitoring will run continiously between FO pairs and it updates every second....

The default values on the ASA security appliance are as follows:

•The poll time is 1 second.

•The holdtime time is 15 seconds.

2.If active device exit hold down timer, then passive will comes up. After that if active device comes up, then which one play as active asa.

If the active devices failover and then the standby device will become active.... and even after the primary unit comes back to up also it will not fall back to primary unit......

3.failover mainly based on which category?

Failover is for providing the redundancy over the network.... if primary fails the secondary device will take the traffic..... there are two failovers... lan based and stateful.....

LAN based FO is the failover mechanism for the LAN failure scenarios... if the link/connectivity goes down for some reason it will failover to the standby unit....

Stateful failover --> This will enable the uninterrupted traffic passing through without any issues even during the failover scenarios as it exchanges the session table as well during sync.... when you enable only LAN based FO then you might loose the active connections during the FO....

Regards

Karthik