We have a pair of FWSM modules (running 4.0.4) within a pair of VSS 6509-E. Traffic is passing OK, management is OK to the primary FWSM (i.e. SSH, SNMP) but we cannot get SSH or SNMP management to the secondary FWSM. My question is whether this is normal, or should remote access be possible - and if so, are additional commands required? (FYI, the firewall is pingable, so routing is good.)
To answer your question, no, this is not normal--you should be able to access your standby FWSM via management protocols like SSH and SNMP.
If you can access the Active unit just fine and you're able to ping the Standby unit, it sounds like your config is OK. I would start by accessing the Standby unit using the 'session slot proc 1' command at the 6509 and checking to make sure the configuration synced normally. At a minimum, you would need something similar to this:
! Applied to the appropriate firewall interface
ip address x.x.x.a 255.255.255.0 standby x.x.x.b
! Applied globally
ssh x.x.x.0 255.255.255.0
If the config looks OK, I would enable SSH debugging ('debug ssh 15') and try again to connect to the Standby unit. The debug messages that get printed to the screen may give you some insight into what is going on.
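The sync check suggested in the answer above can be scripted against a saved copy of the standby unit's running config. This is an added example, not part of the original thread: the `audit` function, the sample config and its addresses are constructed, and it assumes FWSM/ASA-style `nameif` lines inside each interface block and the interface name as the last argument of each `ssh` permit line.

```python
import ipaddress
import re

# Constructed sample config (not from the thread); RFC 5737 documentation addresses.
SAMPLE_CONFIG = """\
interface Vlan100
 nameif mgmt
 ip address 192.0.2.1 255.255.255.0 standby 192.0.2.2
interface Vlan200
 nameif inside
 ip address 198.51.100.1 255.255.255.0
ssh 203.0.113.0 255.255.255.0 mgmt
"""

NAMEIF_RE = re.compile(r"^\s*nameif (\S+)\s*$")
IP_RE = re.compile(r"^\s*ip address (\S+) (\S+)(?: standby (\S+))?\s*$")
SSH_RE = re.compile(r"^ssh (\d\S*) (\d\S*) (\S+)\s*$")  # skips 'ssh timeout', etc.

def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config, mgmt_client):
    """Return findings that would explain failed SSH to the standby unit."""
    interfaces, ssh_nets, nameif = {}, {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            nameif = None                      # new interface block
        elif m := NAMEIF_RE.match(line):
            nameif = m.group(1)
        elif (m := IP_RE.match(line)) and nameif:
            interfaces[nameif] = (_net(m.group(1), m.group(2)), m.group(3))
        elif m := SSH_RE.match(line):
            ssh_nets.setdefault(m.group(3), []).append(_net(m.group(1), m.group(2)))
    if not ssh_nets:
        return ["no ssh permit lines found"]
    findings, client = [], ipaddress.ip_address(mgmt_client)
    for name, nets in ssh_nets.items():
        net, standby = interfaces.get(name, (None, None))
        if net is None:
            findings.append(f"{name}: ssh permitted on an interface with no ip address")
        elif standby is None:
            findings.append(f"{name}: no standby address configured")
        elif ipaddress.ip_address(standby) not in net:
            findings.append(f"{name}: standby {standby} is outside {net}")
        if not any(client in n for n in nets):
            findings.append(f"{name}: ssh rules do not permit {mgmt_client}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "203.0.113.10") or "no findings")
```

An empty result means the standby address and SSH permit lines are consistent for that management client, so the next step is the SSH debugging the answer describes.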