Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
232
Views
0
Helpful
3
Replies

HA physical port damaged

Go to solution
yogendrarathod
Level 1
Level 1

‎03-20-2025 03:13 AM

Hi all,

What if one of the Firewall's HA physical Port got damaged?  Both firewall will active? if both firewalls will active then which firewall will traverse the traffic? what will be the impact in Active/Active scenario.

Thanks

0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎03-20-2025 03:23 AM

@yogendrarathod its unlikely they'd both become active if a physical interface was damaged. The ASA/FTD determines the health of the other unit by monitoring the failover link with hello messages. When a unit does not receive three consecutive hello messages on the failover link, the unit sends LANTEST messages on each data interface, including the failover link, to validate whether or not the peer is responsive. If no response is heard it fails over to the standby unit.

 

 

View solution in original post

0 Helpful

Go to solution
yogendrarathod
Level 1
Level 1
In response to Rob Ingram

‎03-20-2025 03:28 AM

Hi Rob,

Thanks for your quick reply.

What about the traffic? traffic will traverse form both firewall if yes, then what will be the impact on production ?

 

View solution in original post

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to yogendrarathod

‎03-20-2025 03:37 AM

@yogendrarathod no, only one firewall would be active. If the physical port on the active firewall is damaged and there is no response received, the standby unit would become active. Traffic would traverse the new active firewall, without or with minimal disruption to production traffic. Only one firewall would be active.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Rob Ingram
VIP
VIP

‎03-20-2025 03:23 AM

@yogendrarathod its unlikely they'd both become active if a physical interface was damaged. The ASA/FTD determines the health of the other unit by monitoring the failover link with hello messages. When a unit does not receive three consecutive hello messages on the failover link, the unit sends LANTEST messages on each data interface, including the failover link, to validate whether or not the peer is responsive. If no response is heard it fails over to the standby unit.

 

 

0 Helpful

Go to solution
yogendrarathod
Level 1
Level 1
In response to Rob Ingram

‎03-20-2025 03:28 AM

Hi Rob,

Thanks for your quick reply.

What about the traffic? traffic will traverse form both firewall if yes, then what will be the impact on production ?

 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to yogendrarathod

‎03-20-2025 03:37 AM

@yogendrarathod no, only one firewall would be active. If the physical port on the active firewall is damaged and there is no response received, the standby unit would become active. Traffic would traverse the new active firewall, without or with minimal disruption to production traffic. Only one firewall would be active.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card