Cisco ASA Firewall Uptime

sindbandgi · ‎05-12-2020

We are running Cisco ASA firewalls in Cluster, yesterday there was alert for cluster failover.

When we check firewall uptime, it is showing differently in the system context and admin context.

Why uptime showing differently?

CiscoASA/admin/act# sh ver | i up
CiscoASA up 6 days 23 hours
failover cluster up 4 years 195 days
CiscoASA/admin/act# changeto sys
CiscoASA/act# sh ver | i up
Config file at boot was "startup-config"
CiscoASA up 4 years 184 days
failover cluster up 4 years 195 days
CiscoASA/act#

Marvin Rhoads · ‎05-12-2020

Contexts can failover independently of one another. Generally it's due to what interfaces are included in their respective failover monitoring.

"show failover history" executed from both units will give you a more complete picture of when and why failover events have occurred.

sindbandgi · ‎05-12-2020

Hello,

Thanks for the reply , show failover history is showing failover due to "
HELO not heard from a mate "

My question why the uptime si showing differently in System context and
admin context, the uptime which is showing is related to the respective
context

Marvin Rhoads · ‎05-12-2020

"HELO not heard from mate" normally either means the mate went offline or (less likely) that the failover link had an issue. Checking the mate for its uptime would confirm if the first reason is the cause.

The uptime is for the context in which you run the command.

If you open a TAC case, the engineer can look at the configuration with you in real time and perhaps give you a more complete explanation.