11-25-2020 08:35 AM
I have 2 ASA5545 in HA cluster with firepower modules, both firepower modules are unresponsive.
the question is:
if we re-imaged one of the firepower modules, will this cause a failover, and this ASA unit will be active?
or the module re-image is not related to the ASA active-standby status and it will not affect it?
thanks
11-25-2020 08:54 AM
Hi,
Please look on this document:
You find all procedures which help you. I've done this several times with this procedure and everything worked
11-25-2020 09:01 AM
Answer for other question:
ASA and Firepower Service work independently, so If you do reimage Firepower it not cause failover, but remember - on ASA you have configure sfr mode:
fail-open or fail-close - if you have fail-open then ASA still process the packet and not affect it, but if you have fail-close the ASA not proccess at all
11-25-2020 11:06 PM
Hi Mohamed,
If you are planning to do a reimage of the firepower module installed in the ASA you do not like to have any failover incident during the reimage process it's better to stop the monitoring of the service module.
Since both of them are in an unresponsive state both ASA units will consider them as healthy. Now let's say you do reimage of firepower in the standby unit first, now the moment Firepower comes up on that unit ASA will failover to the Standby unit since the current standby is healthier than the Active unit.
run this command before you start the reimage. Then you can enable it back once the reimage is completed.
no monitor-interface service-module
Thanks
Shuhaib
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide