Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
339
Views
1
Helpful
1
Replies

Cisco FTD HA Pair Issue

netbeginner
Level 2
Level 2

‎06-14-2023 01:19 AM

Hello All, 

We have Cisco FTD pair configured with HA. Recently we have updated the FTD with 7.0.5 version with this we have also upgraded snort-2 to snort-3 (as per recommendation). Both the requirement has been completed properly. But .. 

Post than a strange behavior has been observed.

- When Actual Secondary becomes ACTIVE , Traffic is working.

- When we failover and Actual Active unit becomes ACTIVE . All traffic stopped and resulting in massive outage.

ARPs are learning fine on problematic FTD (Actual Active) , While troubleshooting we came to know that FTD is not seeing SYN-ACK packet. However, traffic restored and working fine when we make Actual Secondary as Active unit.

If anyone experienced this problem and had solution. Please advice.

 

Rgds

***

 

 

 

1 Reply 1

MHM Cisco World
VIP
VIP

‎06-14-2023 03:16 AM

Failover link is back to back interconnect both FW.

Also You can specify virtual mac for both fw' this prevents any issue in ip-mac in sw.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card