Solved: ASA Failover Poll time

naveen98 · ‎03-15-2023

Hi Community,

We have 2 firepower 2130 devices on ASA appliance with primary secondary cluster. Recently there has been an issue with failover not working when #no failover active command performed on the active device. The tac issue still looking the issue and they were able to recreate issue in their lab. While they are checking the issue, they have suggested to change the failover poll time from 1 second to 15 seconds as workaround. We need to know what will be the impact of that change from the community. Kindly explain the failover poll time concept along with that.

Rob Ingram · ‎03-15-2023

@naveen98 a faster poll time would mean the ASA would detect a failure on the Active ASA quicker and failover to the Standby. So by increasing from 1 to 15 seconds, failover to the Standby would be slower and cause more impact to traffic, but only in the event of a failover.

View solution in original post

Rob Ingram · ‎03-15-2023

@naveen98 a faster poll time would mean the ASA would detect a failure on the Active ASA quicker and failover to the Standby. So by increasing from 1 to 15 seconds, failover to the Standby would be slower and cause more impact to traffic, but only in the event of a failover.

MHM Cisco World · ‎03-15-2023

if the failover is direct connect the the poll time must not adjust, poll time adjust if there is no direct connect and there is some congestion in SW port.
NOW

if you can make dedicate link for status instead of make link carry both hello and status data between two FW.

that my opinion instead of change poll time