Re: Cisco ASA FTD 4100 SW version 9.8(4)-having different show run con

anilkumar.cisco · ‎10-07-2021

Hello Team,

i am having issue with my Cisco ASA firewall in FTD 4100 running in Multicontext mode.

Both primary and secondary firewall is having some different configuration

wherease Primary firewall is having correct configuration.

In order to mitigate the issue , should i run write standby command..

Will it impact any thing..

What will happen if i will not do any thing.. and need to upgrade the firewall and need to reboot the primary one..

Once the secondary will come up.. it can make my network worst.. and once Primary will come back. then it secondary write its configuration to primary and complete network will down.

Pls advise.

Chakshu Piplani · ‎10-07-2021

Write standby would be the next move, I would definitely do a complete backup via ASDM for the entire config.

You can read about write standby here:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115999-write-standby-command-qanda-00.html

Regards,

Chakshu

Do rate helpful posts!

anilkumar.cisco · ‎10-07-2021

My question is, on system context or in any other context we can give this command..
Any recommendation procedure for FTD ASA

Chakshu Piplani · ‎10-07-2021

For multiple context mode, when you enter the write standby command in the system execution space, all contexts are replicated. If you enter the write standby command within a context, the command replicates only the context configuration.

Regards,

Chakshu

Do rate helpful posts!

johnlloyd_13 · ‎10-08-2021

hi,

is the failover working/sync between primary and secondary FW?

also ensure ports on both units are all up.

post the output from 'system' context:

changeto system

show failover

show failover state

Cisco ASA FTD 4100 SW version 9.8(4)-having different show run config