07-16-2009 04:24 PM - edited 03-11-2019 08:56 AM
Folks,
I have a question regarding FWSM failover. I was reading the documentation and it said that hellos are sent out over the failover link as well as all the interfaces. If any of the interfaces goes down the firewall is declaired down???
what is the concept of monitor-interface then? I am confussed please help.
 
					
				
		
07-16-2009 07:29 PM
You can read about monitor-interface command here:
http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/command/reference/m.html#wp1701962
What you read is correct. Hello messages are sent over the failover link as well as other interfaces.
Both units keep a check on the other. If at any time one unit ends up less healthy (less interfaces up or other hardware failure) then, the healthier of the two will take over as the active unit.
07-16-2009 08:09 PM
if that is the case ( firewalls monitoring each other to see who is healthy based on interface status then why do we need monitor-interface command?
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide