Re: Failover State failed

Pradeep967 · ‎06-23-2021

In one of my firewall , I am able to see that the failover state is showing as failed :

Other host: Secondary - Failed
Active time: 0 (sec)
slot 0: status (Up Sys)
Interface inside: Normal (Monitored)
Interface outside : Failed (Waiting)
slot 1: SFR5525 hw/sw rev (N/A/6.2.3.12-80) status (Up/Up)
ASA FirePOWER, 6.2.3.12-80, Up, (Monitored)

But I am able to see that the outside interface is up

Interface GigabitEthernet1/0 "outside", is up, line protocol is up

Can someone help me , why it is showing as failed.

Rob Ingram · ‎06-23-2021

@Pradeep967

What is the status of the interface on the other ASA?

Check the outside interfaces are able to communicate with each other.

Rob Ingram · ‎06-23-2021

Ping the outside interface IP addresses and check the vlan is correct on the switch both ASAs are connected to.

Pradeep967 · ‎06-23-2021

We have restricted the icmp traffic on outside interface , hence it will not ping.

Regarding VLAN configurations are good from switch end

Sheraz.Salim · ‎06-23-2021

seem to be issue with the outside interface.

run this command

show failover state

it will give you more detail on the failover side.

also if you want to bring these firewall in HA pair issue a command "no monitor-interface outisde" once the HA back together you can start you troubleshoot to fix the issue for the outside on the secondary firewall.

please do not forget to rate.