01-25-2021 07:12 AM - edited 01-25-2021 08:33 AM
I currently run a ASA 5525-X in active/standby routed mode.
Is there a way to make the primary unit always be the active? Other firewall manufactures allow you to give the active and standby units a preempt priority level unique to each unit. When configuring my Palo Alto active/standby HA firewall I gave the primary unit a preempt priority of 5 and the standby unit a preempt priory of 10 (lower priority = preferred unit). This assures me that when the firewall is running normal with no issues with either unit, the Primary unit will always be the active unit. If I were to reload the primary unit - the secondary unit would be come active - once the primary unit has reloaded it would automatically become the active again due to having the lower preempt priority. When my environment is running normal I like to have the Primary unit be active - I am able to do this with my juniper and palo Alto firewall using the preempt priority mechanism - not so with my cisco ASA.
Solved! Go to Solution.
01-25-2021 07:52 AM
01-25-2021 07:44 AM
Hello.
As far as I know, A/S failover does not support preemption.
Preempt option is available on A/A failover.
01-25-2021 07:52 AM
01-25-2021 09:32 AM
As mentioned above, it's not possible in single context.
It's basically irrelevant to the running system whatever system is the active one, it's only a matter of display. I get it might be annoying, but it doesn't have any technical differences.
01-25-2021 10:01 AM
Thanks everyone
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide