01-09-2014 04:22 PM - edited 03-11-2019 08:27 PM
hi
I'm making some major changes to the config on an active/standby ASA this evening and am planning the rollback in case things go bad.
I'm planning to wr mem the config and then 'no failover' on the Active ASA.
Then make the changes.
If all goes well, hopefully I can re-enable failover and sync the configs with 'failover' on the Active ASA? And then wr mem the config.
If all goes bad, I can 'reload' the Active and it should reload the old config and it can 'failover' to re-enable the clustering.
Am I correct in these commands? Will 'failover' re-enable or actually fail over?
Also, should I be doing these on the Active or Standby ASA?
thanks
phil
01-10-2014 08:15 AM
Hello Philbe,
The thing is that as long as you enter no failover on the active, the other ASA (standby) will claim to be the active, and this one (ex-active), as it does not have any failover config, will be forwarding traffic, so you might end up having network problems, as both of the firewalls will be claiming to have the same IP address but different MAC addresses.
If you want to follow this path, you will need to disable failover on the secondary unit first and then on the primary, and make the changes (you will miss the failover functionality, but at least you will not cause any network outage).
For me, the best way to go is to do it while having the network with failover; make sure you have a backup of the config and a console connection to the firewall so you can immediately go back to the previous setup.
Looking for some Networking Assistance?
Contact me directly at jcarvaja@laguiadelnetworking.com
I will fix your problem ASAP.
Cheers,
Julio Carvajal Segura
http://laguiadelnetworking.com
01-12-2014 02:40 PM
Hi Julio,
Thanks for that. All the changes went well, so no need to roll back in the end.
I did on the primary/active: conf t, no failover
I then did a show failover on each. I then made some changes, and they weren't replicated to the secondary/standby.
When all was well, I did on the primary/active: conf t, failover
I lost connectivity to the secondary/standby as it was syncing the config, but no issues on the primary.
thanks
phil
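A check that could be run over the `show failover` output saved from each unit before and after the change window, flagging the two conditions discussed in this thread: failover left off on a unit, and both units reporting Active. This is an added example, not part of any post above; the excerpts are constructed and abbreviated, and the function names are hypothetical.

```python
import re

# Constructed, abbreviated `show failover` excerpts (not captured from a real device).
PRIMARY_HEALTHY = """\
Failover On
Failover unit Primary
        This host: Primary - Active
        Other host: Secondary - Standby Ready
"""
SECONDARY_HEALTHY = """\
Failover On
Failover unit Secondary
        This host: Secondary - Standby Ready
        Other host: Primary - Active
"""
PRIMARY_DISABLED = """\
Failover Off
Failover unit Primary
"""

def parse_show_failover(text):
    """Return (failover_enabled, this_host_state) from `show failover` text."""
    enabled = re.search(r"^Failover\s+On\b", text, re.M) is not None
    m = re.search(r"^\s*This host:\s*\S+\s*-\s*(.+?)\s*$", text, re.M)
    return enabled, (m.group(1) if m else None)

def check_pair(unit_a, unit_b):
    """List reasons the two units cannot be treated as a settled HA pair."""
    problems, states = [], []
    for name, text in (("unit A", unit_a), ("unit B", unit_b)):
        enabled, state = parse_show_failover(text)
        if not enabled:
            problems.append(f"{name}: failover is off")
        states.append(state)
    if states.count("Active") == 2:
        # The condition warned about above: two firewalls answering for the same IPs.
        problems.append("both units report Active")
    elif not problems and set(states) != {"Active", "Standby Ready"}:
        problems.append(f"pair not settled: {states}")
    return problems

if __name__ == "__main__":
    print(check_pair(PRIMARY_HEALTHY, SECONDARY_HEALTHY))
    print(check_pair(PRIMARY_DISABLED, SECONDARY_HEALTHY))
```

An empty list means both units have failover on and report one Active and one Standby Ready.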
01-12-2014 03:41 PM
Hello Phil,
Is there something else that you need from this discussion? Otherwise you can mark it as answered.
Kudos to you for the explanation
Cheers,
Julio Carvajal Segura
http://laguiadelnetworking.com