Pros and Cons about using two interfaces on Stateful Failover
I am looking for some documentation about the pros and cons of using a single interface vs. two interfaces when configuring stateful failover. I know it is always best to keep the LAN-based failover and stateful failover data streams on separate interfaces. The stateful failover data stream is usually much larger than the LAN-based failover because of the usually large number of connections that come and go. In addition, LAN-based failover messages must be able to travel between the two units without being lost or delayed. Otherwise, the loss of LAN-based failover messages indicates that one or both units have failed. Are there any more details on this?
Re: Pros and Cons about using two interfaces on Stateful Failover
This issue is talked about in the Config Guide.
"Sharing a data interface with the Stateful Failover interface can leave you vulnerable to replay attacks. Additionally, large amounts of Stateful Failover traffic may be sent on the interface, causing performance problems on that network segment."
The short of it is that you don't want the ASA to start missing failover hellos because the interface is too busy processing stateful failover traffic, the potential being false-positive failover events. I hope this helps answer your question.
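As an added illustration (not part of the original thread or of the Config Guide), this ASA configuration for the primary unit keeps the LAN-based failover link and the stateful failover link on two dedicated interfaces, with neither one shared with a data interface. The interface numbers, the link names `folink` and `statelink`, the addresses (documentation range) and the key are placeholders chosen for the example.

```cisco
! Constructed example: all names, interfaces, addresses and the key are placeholders.

! Dedicated physical interfaces, no nameif or security-level configured on them
interface GigabitEthernet0/2
 description LAN-based failover link (hellos, config sync, unit state)
 no shutdown
interface GigabitEthernet0/3
 description Stateful failover link (connection and xlate state updates)
 no shutdown

failover lan unit primary

! Failover (control) link: low volume, but must not be lost or delayed
failover lan interface folink GigabitEthernet0/2
failover interface ip folink 192.0.2.1 255.255.255.252 standby 192.0.2.2

! Stateful link on its own interface, so bursts of state updates
! cannot crowd out failover hellos
failover link statelink GigabitEthernet0/3
failover interface ip statelink 192.0.2.5 255.255.255.252 standby 192.0.2.6

! Single-interface alternative, shown for comparison only:
! the state link reuses the failover link instead of its own port
!   failover link folink

! Shared secret so failover traffic between the units is not sent in clear text
failover key <shared-secret-placeholder>

failover
```

After both units are up, `show failover` reports the state of the failover link and the stateful failover update statistics, which is where a congested or lossy link shows up first.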