Hi All,

below is a snippet from an ASA pair in active/standby mode but with standby unit showing as failed.

suspect it is because of the SFR missing form the standby FW (only installed on the active unit). did the no monitor-interface service-module but made no difference.

question - is it a requirement for failover to work, that you need a firepower module installed on both devices? cannot find any docs on this. if not a requirement the failed state might be unrelated to the sfr missing then?

any suggestions?

asa# Show failover
Failover On
Failover unit Primary
....
Version: Ours 9.14(3), Mate 9.14(3)
Serial Number: Ours FCHxxxxxxxxx, Mate FCHxxxxxxxx
Last Failover at: 17:33:25 SAST Jul 17 2023
This host: Primary - Active
Active time: 4565884 (sec)
slot 0: ASA5545 hw/sw rev (1.0/9.14(3)) status (Up Sys)
Interface outside (x.x.x.x: Normal (Monitored)
Interface inside (x.x.x.x: Normal (Monitored)
Interface dmz (x.x.x.x: Normal (Monitored)
slot 1: SFR5545 hw/sw rev (N/A/6.6.0-90) status (Up/Up)
ASA FirePOWER, 6.6.0-90, Up, (Not-Monitored)
slot 1: SFR5545 hw/sw rev (N/A/6.6.0-90) status (Up/Up)
ASA FirePOWER, 6.6.0-90, Up, (Not-Monitored)
Other host: Secondary - Failed
Active time: 0 (sec)
slot 0: ASA5545 hw/sw rev (1.0/9.14(3)) status (Up Sys)
Interface outside (x.x.x.x: Normal (Monitored)
Interface inside (x.x.x.x: Normal (Monitored)
Interface dmz (x.x.x.x: Normal (Monitored)
slot 1: SFR5545 hw/sw rev (N/A/) status (Recover/Up)
slot 1: SFR5545 hw/sw rev (N/A/) status (Recover/Up)
asa#

asa# Show run all monitor-interface

monitor-interface outside
monitor-interface inside
monitor-interface dmz
no monitor-interface service-module

asa#

thanks in adv