I currently run a ASA 5525-X in active/standby routed mode.
Is there a way to make the primary unit always be the active? Other firewall manufactures allow you to give the active and standby units a preempt priority level unique to each unit. When configuring my Palo Alto active/standby HA firewall I gave the primary unit a preempt priority of 5 and the standby unit a preempt priory of 10 (lower priority = preferred unit). This assures me that when the firewall is running normal with no issues with either unit, the Primary unit will always be the active unit. If I were to reload the primary unit - the secondary unit would be come active - once the primary unit has reloaded it would automatically become the active again due to having the lower preempt priority. When my environment is running normal I like to have the Primary unit be active - I am able to do this with my juniper and palo Alto firewall using the preempt priority mechanism - not so with my cisco ASA.
Solved! Go to Solution.
As mentioned above, it's not possible in single context.
It's basically irrelevant to the running system whatever system is the active one, it's only a matter of display. I get it might be annoying, but it doesn't have any technical differences.