04-02-2021 03:11 AM
Hi
We have 2 FTD 2110 on version 6.4 in active-passive high availability mode.
And yet we see some remote access AnyConnect users connected on the standby unit. Is this normal?
We are going to shut the standby unit; is there any production cut risk for these users?
Thanks
04-02-2021 03:52 AM
In an HA pair, the standby synchronizes the VPN connection state table with the primary. This is so that, in the event of a failover, the users don't have to re-establish a VPN connection.
Shutdown or disconnection of the standby unit will not have any effect on these users' session to the primary unit.
04-02-2021 06:54 AM
Hi Marvin,
Thank you, but the strange thing is that I see users connected on the standby unit but I cannot see them on the primary one.
If it was simply VPN connection state table synchronization, I should have seen the same users on both appliances, but still it's not the case.
04-03-2021 07:53 AM
That is odd. Does "show vpn-sessiondb anyconnect detail" show the users as active? Do those users show up on the active unit at all? Could you contact one of them personally and inquire about their status from their perspective? If you force a logoff for that user from the FTD side do they reconnect to the active unit?
04-05-2021 01:09 AM