If I would like to test physical link for command shut/no shut interface on cisco asa . ASA will be detect monitoring interface and take failover or not ? I'm not sure for situation . Please advise me .
Thank you for answer . If I do shut / no shut interface but still IP address and nameif . will failover trigger ? Can you provide step test physical interface for me ? Or I take command " no monitoring-interface" before test .
If you set up Active / Standby. and if you like to test failover
you need to initiate the communication failure, so another FW takes over the active role.
you can do this by shutdown the interface (not the ha link)
or reboot the active FW
some guidance here :
I would like to test physical interface .Not test failover . I want to test physical interface without failover because I will be config new interface.how can I do that? Please advise me.
I want to test physical interface without failover because I will be config new interface.how can I do that?
In this case, you need to remove that interface from the monitor
# sh run all monitor-interface ( you will get the information what interface configured for monitor)
as you mentioned one of the posts to remove the interface being monitored:
I take command " no monitoring-interface" before test .
If the ASA is in failover deployment and as long as interface and standby IP addresses are configured on a physical interface, they start getting monitored automatically.
Which means, if you perform a shut on the active firewall's interface that is being monitored, an automatic failover to secondary will be triggered.
If the idea to test/trigger a failover, you can just execute "shut <interface name>" on the active firewall (provided that interface is actually monitored)