02-28-2007 08:27 AM - edited 03-10-2019 03:29 AM
I have two ASA 5520's with SSM-10 modules configured in active/standby failover mode running 7.2(1).
The IPS policy on the ASA is configured for IPS inline and permit traffic if the module fails. The ASA Criteria tab has the number of interfaces that triggers failover set to 2. The SSM Bypass mode is configured for Auto.
If I execute a reboot of the sensor from the GUI (where it states it safely shuts down and reboots the sensor), should it cause the ASA to failover to the secondary?
Thanks.
02-28-2007 10:00 AM
Reboot of the SSM module will trigger failover to the secondary ASA. When this happens, the following debug message is logged if debugs are enabled:
fover_health_monitoring_thread: Primary: Switching to FAILED for reason Detect service card failure.
Regards,
Vibhor.
03-02-2007 03:23 PM
That is correct. I have 2 sets of ASAs with AIP SSMs and even adding a new Sig update will cause the ASAs to failover. The ASA reads the reload of the SSM card as a failure and fails from primary to secondary.
03-11-2007 07:11 PM
Hello,
I wish I could help but I have very little knowledge of IPS.
I also have a pair of ASA 5520s that I was told is configured for IPS. But I can't find anything matching/describing an IPS configuration in the 'show run' from the CLI. Can anyone tell me how to get there to view the IPS config that is apparently incomplete (no signature update, notification etc. are also missing)? What command do I need to issue to view IPS config details? Can this be done from the CLI?
Thanks in advance.
Oumar
04-03-2007 08:22 AM
I don't know if this posting has been closed but you can access the module through the CLI:
firewall# session 1
This will take you to the module. Once there, just do a show conf to see the configuration.
04-03-2007 08:27 AM
Originally, Cisco called this a bug.. I don't know if it's being considered a feature now, or if it's still a bug, and if so when it might be fixed; this is a real pain because a number of signature updates reload at the end, which triggers a failover...
My .02....