Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
620
Views
0
Helpful
4
Replies

Firewall Security Context Failover

Go to solution
highmiles2
Level 1
Level 1

‎04-22-2015 10:47 AM - edited ‎03-11-2019 10:49 PM

Hi

I have a Cisco 5585 running in multi context mode with 4 contexts enabled: Admin, Red, Blue, White

All contexts are assigned to join-failover-group 1

All contexts are currently Active in Primary firewall

Would I be able to failover just the Blue context and make it Active in Secondary FW?

And how?

If I log in to the Active Blue context and issue "failover exec standby failover active", would this cause all group 1 members to failover to Secondary or just the Blue context?

I am reluctant to try this in an production environment and find out that I have to failover the entire group-1.

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thiland
Level 3
Level 3

‎04-22-2015 11:08 AM

You would need to setup your second failover group and assign 'Blue' to it in the system context:

failover group 2
  replication http
  polltime interface msec 500 holdtime 5

context BLUE
  join-failover-group 2

 

Context failovers are based on failover-group membership, so all of them would failover.
Also I would wait until a change window to do any failover reconfiguration or testing.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
thiland
Level 3
Level 3

‎04-22-2015 11:08 AM

You would need to setup your second failover group and assign 'Blue' to it in the system context:

failover group 2
  replication http
  polltime interface msec 500 holdtime 5

context BLUE
  join-failover-group 2

 

Context failovers are based on failover-group membership, so all of them would failover.
Also I would wait until a change window to do any failover reconfiguration or testing.

0 Helpful

Go to solution
highmiles2
Level 1
Level 1
In response to thiland

‎04-22-2015 11:15 AM

Thanks thiland...

Once I create and join Blue to group-2, where do I trigger the failover for group-2 from?

Do I trigger the failover from the Security context, or from the Blue context? {suspect it is from the Security context?!!}

My window is at 2AM!

Thanks again.

0 Helpful

Go to solution
thiland
Level 3
Level 3
In response to highmiles2

‎04-22-2015 11:30 AM

You'd do it from the system context and specify the group.

 

So if you were on the 02 ASA:

changeto system

failover active group 2

0 Helpful

Go to solution
highmiles2
Level 1
Level 1
In response to thiland

‎04-24-2015 11:05 AM

Yep...that worked.

Thanks thiland for your quick and prompt reply.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card