Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1327
Views
0
Helpful
3
Replies

firepower HA failure

Mustapha Bassim
Level 1
Level 1

‎04-13-2022 12:44 AM

Hello dears

 

I have two FTD devices connected through FMC i had enable HA on them but the status of HA is failed one of them become active and second become failed with following error :

 

High availability status is intermediate

0 Helpful
3 Replies 3

Sheraz.Salim
VIP
VIP

‎04-13-2022 01:07 AM

What FMC version you on and what is the FTD version. Firepower Threat Defense devices in a high availability configuration must have the same licenses. Here 

could you log into FTDs and give command show high-availability config

 

 

please do not forget to rate.
0 Helpful

Mustapha Bassim
Level 1
Level 1
In response to Sheraz.Salim

‎04-13-2022 01:14 AM

hello dear

for FMC 7.0.1.1

 

and for FTD 7.0.1.1

 

and this the output

Failover On
Failover unit Secondary
Failover LAN Interface: HAlink Ethernet1/11 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 2 of 1293 maximum
MAC Address Move Notification Interval not set
failover replication http
Version: Ours 9.16(2)5, Mate 9.16(2)5
Serial Number: Ours JAD260412UE, Mate JAD26030HBS
Last Failover at: 10:07:18 UTC Apr 7 2022
This host: Secondary - Failed
Active time: 0 (sec)
slot 0: FPR-2130 hw/sw rev (1.5/9.16(2)5) status (Up Sys)
Interface outside-1 (0.0.0.0): No Link (Waiting)
Interface vlan11 (0.0.0.0): Normal (Not-Monitored)
Interface vlan20 (0.0.0.0): Normal (Not-Monitored)
Interface vlan21 (0.0.0.0): Normal (Not-Monitored)
Interface vlan22 (0.0.0.0): Normal (Not-Monitored)
Interface vlan25 (0.0.0.0): Normal (Not-Monitored)
Interface diagnostic (0.0.0.0): Normal (Waiting)
slot 1: snort rev (1.0) status (up)
slot 2: diskstatus rev (1.0) status (up)
Other host: Primary - Active
Active time: 3104 (sec)
slot 0: FPR-2130 hw/sw rev (1.5/9.16(2)5) status (Up Sys)
Interface outside-1 (100.64.0.2): Normal (Waiting)
Interface vlan11 (10.0.0.209): Normal (Not-Monitored)
Interface vlan20 (100.65.0.241): Normal (Not-Monitored)
Interface vlan21 (100.66.0.1): Normal (Not-Monitored)
Interface vlan22 (100.66.0.129): Normal (Not-Monitored)
Interface vlan25 (100.65.0.225): Normal (Not-Monitored)
Interface diagnostic (0.0.0.0): Normal (Waiting)
slot 1: snort rev (1.0) status (up)
slot 2: diskstatus rev (1.0) status (up)

Stateful Failover Logical Update Statistics
Link : StateLink Ethernet1/12 (up)
Stateful Obj xmit xerr rcv rerr
General 393 0 1078 0
sys cmd 393 0 393 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 162 0
UDP conn 0 0 274 0
ARP tbl 0 0 247 0
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKEv1 SA 0 0 0 0
VPN IKEv1 P2 0 0 0 0
VPN IKEv2 SA 0 0 0 0
VPN IKEv2 P2 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 0 0 0 0
SIP Tx 0 0 0 0
SIP Pinhole 0 0 0 0
Route Session 0 0 0 0
Router ID 0 0 0 0
User-Identity 0 0 1 0
CTS SGTNAME 0 0 0 0
CTS PAC 0 0 0 0
TrustSec-SXP 0 0 0 0
IPv6 Route 0 0 0 0
STS Table 0 0 0 0
Rule DB B-Sync 0 0 1 0
Rule DB P-Sync 0 0 0 0
Rule DB Delete 0 0 0 0

Logical Update Queue Information
Cur Max Total
Recv Q: 0 5 5645
Xmit Q: 0 1 393

0 Helpful

Sheraz.Salim
VIP
VIP
In response to Mustapha Bassim

‎04-13-2022 01:30 AM

Could you please show a command show failover history detail

please do not forget to rate.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card