Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
432
Views
0
Helpful
5
Replies

Cisco Virtual Ftds

YonasA
Level 1
Level 1

‎01-01-2025 11:48 AM

Hello Everyone, 

We have deployed two cisco virtual FTDs on our environment and configure them as HA. Those firewalls are connected with core switch over ospf and they are working seamlessly. However when the standby unit become active it will lose the ospf configuration it had earlier.  But when we move the status to the former one, it works fine. So is there anyone who can guide us to sort out this issue or explain the reason why it loses ospf configuration?

 

with regards,

Yonas A

 

0 Helpful
5 Replies 5

MHM Cisco World
VIP
VIP

‎01-01-2025 11:52 AM

How it loss the config? Can you more elaborate 

Thanks 

MHM

0 Helpful

YonasA
Level 1
Level 1
In response to MHM Cisco World

‎01-01-2025 11:58 AM

Hello MHM,

Like i said before changing the active unit the firewall is connected with the core switch over ospf protocol. Then we would like to change the active unit to standby by shutting down or reload it. By that time the standby unit will become active but it will ospf configuration and can be able to forward traffic to the core switch as the way it should. We dont know why it losses its ospf configuration. 

 

With regards,

Yonas A. 

0 Helpful

MHM Cisco World
VIP
VIP
In response to YonasA

‎01-01-2025 12:06 PM

I dont think it loss ospf config' but issue is

In FW active/standby only active established ospf and standby not participate in ospf' when failover is happened standby need some time to establish ospf with core.

To solve issue and forward traffic use NSF.

MHM

0 Helpful

YonasA
Level 1
Level 1
In response to MHM Cisco World

‎01-01-2025 09:22 PM

Can you guide as the optimal steps used to configure NSF. Because i have tried but it does not have any different.

0 Helpful

Flavio Miranda
VIP
VIP

‎01-01-2025 01:31 PM

@YonasA 

You can configure a device as NSF-capable or NSF-aware. A NSF-capable device can indicate its own restart activities to neighbors and a NSF-aware device can help a restarting neighbor.

Pay attentition to this warning

"Note

 You must not configure the OSPF process to use fast hello packets if you also configure graceful restart. Graceful restart cannot occur with fast hello packets, because the time taken for the role change between the active and standby units is more than the configured dead interval."

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-ospf.html

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card