Re: FTD HA failover scenario (No data interface monitored)

00u17 · ‎12-02-2021

Hello Everyone,

I have a FTD pair in HA with active standby configuration. Both peer are connected to DC switches using VPC.

A direct failover and staelink is connected between both peers. We do not have any data interface monitored or standby ip configured on it. i.e. inside and ouside

1) If failover link and/or statelink disconnects in this case then what would happen?

2) if data interfaces were also being monitored with standby ip and failover link and/or statelink fails then what would happen?

balaji.bandi · ‎12-03-2021

1) If failover link and/or statelink disconnects in this case then what would happen?

They become the split brain. that means both become active. (then one should manually shut down to restore the services.

2) if data interfaces were also being monitored with standby ip and failover link and/or statelink fails then what would happen?

Good failure scenarios are explained below :

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html

https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/firepower_threat_defense_high_availability.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help