Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1892
Views
0
Helpful
1
Replies

Cisco Firepower Interface Monitoring for HA

ChristopherCraddock66504
Level 1
Level 1

‎07-02-2021 07:27 AM - edited ‎07-02-2021 07:28 AM

Dear Community,

I had a question about interface monitoring for failover on the devices. I have a mix of port channels with sub-interfaces as well as individual interfaces. In terms of the port channels, should I be monitoring only the port channel or should I also monitor the subinteraces on the port channels as well? I cant think of a situation where one sub-interface on the port channel would go down while the others stay up, so I am not currently monitoring any of the subinterfaces, just the PC itself. Should I also be monitoring the subinterfaces?

 

Thanks.

0 Helpful
1 Reply 1

Sheraz.Salim
VIP
VIP

‎07-02-2021 08:16 AM

I think it depends how you want to configure your failover sceanrio. By default, only physical interfaces are monitored automatically, so you will need to enable the monitoring on each of those virtual sub-interfaces. you can configure sub-interfaces monitored too, so you know if there's a layer-2 issue with the switch(es) your ASAs are uplinked to.

 

however, if you already monitoring the individual interface in case if these physical interface fail your ASA will failover to other unit. now if there is a blip on one of the sub-interface (false flag) than your active unit will failover to standby and standby will become active.

 

 

 

 

 

please do not forget to rate.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card