Solved: Re: Firepower HA Standby Interfaces show unassigned

Scott_22 · ‎02-22-2021

I've noticed that unlike with ASA, the FTD appliances are not configured with a standby IP when the interfaces are configured. Instead, the secondary peer interfaces show as unassigned. Just to wrap my head around this - when the appliances fail over, the IPs are taken over by the secondary peer and it begins answering arp requests for them?

Marvin Rhoads · ‎02-22-2021

Just like with ASA, you can optionally assign standby IP addresses to interfaces in an HA pair.

Either way, the newly active unit will send a gratuitous ARP when it takes over the active role so that the adjacent upstream and downstream devices recognize it as the "owner" of the active IP addresses.

View solution in original post

Marvin Rhoads · ‎02-22-2021

Just like with ASA, you can optionally assign standby IP addresses to interfaces in an HA pair.

Either way, the newly active unit will send a gratuitous ARP when it takes over the active role so that the adjacent upstream and downstream devices recognize it as the "owner" of the active IP addresses.

Scott_22 · ‎02-23-2021

Is there an advantage to adding the standby IP address over using only the single IP? Does it aid in the fail-over time when the peers fail-over between one another?