11-01-2023 02:03 AM
Hi
In the ASA with firepower module, can we use fail-open command with "no monitor-interface service-module" ?
Can it still detect fail status of firepower module with "no monitor-interface service-module"
Solved! Go to Solution.
11-01-2023 10:42 AM
fail-open - means if module is down, it will forward traffic regardless of configured rules.
no monitor-interface service-module - This is only related to high-availability, executing this command means IF the SFR module is down, it will not failover to standby unit if this is the only condition to trigger.
Both commands can operate along each other, but keep in mind they have different use-cases.
11-01-2023 11:20 AM
In addition to what @AViftrup correctly noted, the ASA will still see the status of the module even with "no monitor-interface service-module", it just won't trigger a failover event when the status changes to "failed". It will generate a syslog message whenever module status changes (assuming you haven't disabled logging).
11-01-2023 10:42 AM
fail-open - means if module is down, it will forward traffic regardless of configured rules.
no monitor-interface service-module - This is only related to high-availability, executing this command means IF the SFR module is down, it will not failover to standby unit if this is the only condition to trigger.
Both commands can operate along each other, but keep in mind they have different use-cases.
11-05-2023 12:11 AM
thanks alot for attention .
11-01-2023 11:20 AM
In addition to what @AViftrup correctly noted, the ASA will still see the status of the module even with "no monitor-interface service-module", it just won't trigger a failover event when the status changes to "failed". It will generate a syslog message whenever module status changes (assuming you haven't disabled logging).
11-05-2023 12:11 AM
thanks alot for explanation
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide