Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2290
Views
0
Helpful
3
Replies

cisco asa sfr in failover

admins0011111
Level 1
Level 1

‎09-20-2015 10:38 PM - edited ‎02-21-2020 05:35 AM

I have two cisco asa 5516-X in failover. How to make so that failover on worked on a module sfr status?

0 Helpful
3 Replies 3

Kevin SAS
Level 1
Level 1

‎09-21-2015 02:01 AM

You need to license every SFR module on firesight appliance then create a policy wich is applied to both targeted devices.

Appliance doesn't know if you have lost one sfr module, it just applied policy to both module.

I never tried that, but I think it the right way to do that.

In documentation, the only thing related to failover is :

"If you configure the ASA in a failover pair, the ASA FirePOWER configuration does not automatically
synchronize with the ASA FirePOWER module on the secondary device.You must manually export the
ASA FirePOWER configuration from the primary and import it into the secondary every time you make
a change. Upon failover, the module also loses all configuration on the device that failed over."

Cf : http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541.html

But you should apply same policy to several module and all should be ok when ASA fails.

0 Helpful

admins0011111
Level 1
Level 1
In response to Kevin SAS

‎09-21-2015 02:21 AM

thanks. I had 5515-X before, not sourcefire. I could set up failover only with one working module there. And here both are necessary now...

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card