Re: ASA5508 Failover Firewalls reboot

andreycgipokorskiy · ‎02-02-2023

Hello Community!
We have two ASA5508s with failover (one active and one standby).
We need to reboot both firewalls due to a memory leak issue
What is the reboot process?
1. Check the status of the failover
2. Reboot the backup firewall.
3. Check the status of the backup firewall.
4. Check the status of the primary firewall.
5. Reboot the primary firewall.
6. Check the fault tolerance status of the primary firewall.
Is there any "how to..." guide or list of commands I can use?

Thank you!
Sincerely,
Andrey P.

Rob Ingram · ‎02-02-2023

@andreycgipokorskiy use the command "show failover" to determine the status before and after.

The primary should be "active" and the secondary should be "standby ready"

Reboot the secondary firewall, once up check the status. Then reboot the primary, this should automatically failover. Only do this if the output of "show failover" does not confirm there are any issues.

andreycgipokorskiy · ‎02-02-2023

Hello Rob!
Thank you so much again!!!
I really appreciate your help with my second request!!!

MHM Cisco World · ‎02-02-2023

https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/asa-appliance-asav.html#concept_xxv_yvn_kkb

check this guide

andreycgipokorskiy · ‎02-03-2023

Thank you so much MHM Cisco World!!

Marius Gunnerud · ‎02-03-2023

Just to add my two cents. Your steps are correct but I would add an extra step. You might already plan to do this but good to put it down in writing.

Check status of firewalls (show failover | in host)
Reboot Secondary/standby firewall
Check status of the firewall
Failover so that Secondary/active
verify traffic is passing through secondary/active firewall correctly
reboot Primary/standby firewall
Check status of firewall
failover to Primary/active
verify traffic is passing correctly.

--
Please remember to select a correct answer and rate helpful posts

andreycgipokorskiy · ‎02-03-2023

Thank you Marius Gunnerud!!