04-18-2018 07:40 AM - edited 02-21-2020 07:38 AM
Hello,
Question about configuring an Active/Failover build
We already have a 5545 in place, configured and running, but it is a single unit, with no redundancy.
I want to explore adding another node and re configuring, this and the new firewall into an active/passive state.
My question is - If my current unit is already configured, can I easily add another firewall as the passive unit, or is it best practice to wipe the current build, and rebuild as active/passive pair?
Solved! Go to Solution.
04-18-2018 08:29 AM
You don't need to wipe the config.
Here are the steps that I usually use to setup a failover pair in such cases:
1.backup config
2.failover config on the primary ASA, but do not enable failover
3.clear the config on the secondary ASA
4.failover config on the secondary ASA and enable failover
5.connect the failover links
6.check interfaces and config and enable failover on the primary ASA
the secondary ASA should get the config from the primary and you should see it in standby ready mode
HTH
Bogdan
04-18-2018 08:29 AM
You don't need to wipe the config.
Here are the steps that I usually use to setup a failover pair in such cases:
1.backup config
2.failover config on the primary ASA, but do not enable failover
3.clear the config on the secondary ASA
4.failover config on the secondary ASA and enable failover
5.connect the failover links
6.check interfaces and config and enable failover on the primary ASA
the secondary ASA should get the config from the primary and you should see it in standby ready mode
HTH
Bogdan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide