hi,

i got a pair of ASA active-standby pair which failover didn't work or kick in over the holidays.

the traffic was restored when manually forced a failover to secondary FW.

failover link is via port-channel 1 and "data" ports are in a port-channel 15.

the root cause was the upstream core switch ports to the ASA "data" port-channel 15 both failed (G0/2 and G0/3) and it's was fixed by replacing new SFP.

my question is, why the ASA didn't auto failover when port-channel 15 ports both went down?

is it because the interfaces in port-channel 15 are NOT being monitored (CORP and MONITOR)?

do i need to add the 'monitor-interface <NAMEIF>' command for failover to work? should i manually add this command everytime there's a new interface being provisioned?

i also notice there isn't a 'failover key' configured by previous admin. is this a culprit or it has no bearing?

is the command 'no failover wait-disable' also a culprit? this was auto added during a previous code upgrade. should i remove it with 'failover wait-disable'?

FW01/sec/act# sh run failover
failover
failover lan unit secondary
failover lan interface failover Port-channel1
failover link failover Port-channel1
failover interface ip failover 172.16.1.1 255.255.255.248 standby 172.16.1.2
no failover wait-disable

FW01/sec/act# sh int po15   <<< DATA PORT/TRUNK
Interface Port-channel15 "", is up, line protocol is up
Hardware is EtherChannel/LACP, BW 2000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is off
Available but not configured via nameif
MAC address 7c69.f62c.xxx, MTU not set
IP address unassigned
Members in this channel:
Active: Gi0/2 Gi0/3

FW01/sec/act# sh failover
Failover On
Failover unit Secondary
Failover LAN Interface: failover Port-channel11 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 1 of 316 maximum
MAC Address Move Notification Interval not set
Version: Ours 9.8xx, Mate 9.8xx
Serial Number: Ours FCH172222, Mate FCH171111
Last Failover at: 04:40:51 CEST Dec 21 2021
This host: Secondary - Active
Active time: 2274438 (sec)
slot 0: ASA5545 hw/sw rev (1.0/9.8(4)20) status (Up Sys)

Interface management (192.x.x.1): Normal (Monitored)

Interface CORP (172.16.20.4): Normal (Not-Monitored)   <<< Po15
Interface MONITOR (10.1.3.1): Normal (Not-Monitored)   <<< Po15

Other host: Primary - Standby Ready
Active time: 23353053 (sec)
slot 0: ASA5545 hw/sw rev (1.0/9.8(4)20) status (Up Sys)

Interface management (192.x.x.2): Normal (Monitored)

Interface CORP (0.0.0.0): Normal (Not-Monitored)   <<< FAILOVER FAILED BECAUSE THERE'S NO "SECONDARY" IP?
Interface MONITOR (0.0.0.0): Normal (Not-Monitored)