cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

firepower HA failure

Mustapha Bassim
Beginner
Beginner

Hello dears

 

I have two FTD devices connected through FMC i had enable HA on them but the status of HA is failed one of them become active and second become failed with following error :

 

High availability status is intermediate

3 REPLIES 3

Sheraz.Salim
VIP Advisor VIP Advisor
VIP Advisor

What FMC version you on and what is the FTD version. Firepower Threat Defense devices in a high availability configuration must have the same licenses. Here 

could you log into FTDs and give command show high-availability config

 

 

please do not forget to rate.

hello dear

for FMC 7.0.1.1

 

and for FTD 7.0.1.1

 

and this the output

Failover On
Failover unit Secondary
Failover LAN Interface: HAlink Ethernet1/11 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 2 of 1293 maximum
MAC Address Move Notification Interval not set
failover replication http
Version: Ours 9.16(2)5, Mate 9.16(2)5
Serial Number: Ours JAD260412UE, Mate JAD26030HBS
Last Failover at: 10:07:18 UTC Apr 7 2022
This host: Secondary - Failed
Active time: 0 (sec)
slot 0: FPR-2130 hw/sw rev (1.5/9.16(2)5) status (Up Sys)
Interface outside-1 (0.0.0.0): No Link (Waiting)
Interface vlan11 (0.0.0.0): Normal (Not-Monitored)
Interface vlan20 (0.0.0.0): Normal (Not-Monitored)
Interface vlan21 (0.0.0.0): Normal (Not-Monitored)
Interface vlan22 (0.0.0.0): Normal (Not-Monitored)
Interface vlan25 (0.0.0.0): Normal (Not-Monitored)
Interface diagnostic (0.0.0.0): Normal (Waiting)
slot 1: snort rev (1.0) status (up)
slot 2: diskstatus rev (1.0) status (up)
Other host: Primary - Active
Active time: 3104 (sec)
slot 0: FPR-2130 hw/sw rev (1.5/9.16(2)5) status (Up Sys)
Interface outside-1 (100.64.0.2): Normal (Waiting)
Interface vlan11 (10.0.0.209): Normal (Not-Monitored)
Interface vlan20 (100.65.0.241): Normal (Not-Monitored)
Interface vlan21 (100.66.0.1): Normal (Not-Monitored)
Interface vlan22 (100.66.0.129): Normal (Not-Monitored)
Interface vlan25 (100.65.0.225): Normal (Not-Monitored)
Interface diagnostic (0.0.0.0): Normal (Waiting)
slot 1: snort rev (1.0) status (up)
slot 2: diskstatus rev (1.0) status (up)

Stateful Failover Logical Update Statistics
Link : StateLink Ethernet1/12 (up)
Stateful Obj xmit xerr rcv rerr
General 393 0 1078 0
sys cmd 393 0 393 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 162 0
UDP conn 0 0 274 0
ARP tbl 0 0 247 0
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKEv1 SA 0 0 0 0
VPN IKEv1 P2 0 0 0 0
VPN IKEv2 SA 0 0 0 0
VPN IKEv2 P2 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 0 0 0 0
SIP Tx 0 0 0 0
SIP Pinhole 0 0 0 0
Route Session 0 0 0 0
Router ID 0 0 0 0
User-Identity 0 0 1 0
CTS SGTNAME 0 0 0 0
CTS PAC 0 0 0 0
TrustSec-SXP 0 0 0 0
IPv6 Route 0 0 0 0
STS Table 0 0 0 0
Rule DB B-Sync 0 0 1 0
Rule DB P-Sync 0 0 0 0
Rule DB Delete 0 0 0 0

Logical Update Queue Information
Cur Max Total
Recv Q: 0 5 5645
Xmit Q: 0 1 393

Could you please show a command show failover history detail

please do not forget to rate.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: