07-15-2009 06:37 AM - edited 03-11-2019 08:55 AM
I have 2 5540 ASA in an Active / Standby setup. The Active firewall has a packet shaper sitting between it and the inside LAN. When I reboot the Packet shaper the FWs fail over. I have the default timings for failover: 1 second hello, 15 seconds keepalive. I would assume this means that as long as the Active firewall sends a hello packet within 15 seconds the standby will not assume the active role. The Packet Shaper reboot takes only a couple of seconds (typically 1 or 2 lost ping packets). Am I missing something simple here?
07-15-2009 07:23 AM
The packetshaper takes only a few seconds to reboot. However, the interface link will be down for approximately 40 seconds during the reboot as I tested in a lab.
All systems are like this; it doesn't mean that once they have booted successfully, their network link will be up at the same time.
07-15-2009 07:31 AM
Danilo,
thanks for your quick response. What is the reason for this?
By the way, the packet shaper does not really take only a few seconds to boot, but "fails open" whenever it is rebooted.
07-15-2009 10:54 AM
This is probably because of interface health checks. The primary device sees the interface go down and is now "less healthy" than the secondary and fails over.
07-16-2009 12:01 AM
Pete,
Thanks very much for your response. Do you know how I can override this default behaviour and ensure the primary stays active unless the secondary does not receive a hello packet within the 15 seconds?
Thanks again,
Rich