Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
250
Views
0
Helpful
1
Replies

Test connectivity from Standby Firewall without failover

sahdogra
Frequent Visitor
Frequent Visitor

‎01-28-2026 06:47 AM

I have a High-Availability configured for 3110 FTD and I want to test the connectivity to the internet and my DMZ network without switching the role of the FTDs as this would require the downtime and I am not sure if the switching team has correctly done the connectivity or not. They recently changed the connectivity so I do not want to take this risk.

0 Helpful
1 Reply 1

Cristian Matei
VIP Alumni
VIP Alumni

‎01-28-2026 07:38 AM

Hi,

@sahdogra Perform the following:

1. Ensure HA state for the two boxes, is as expected, Active / Standby; if not, fix it.

2. Verify the state of all monitored interfaces; fix it, if not a expected.

3. From the Active device, ping the standby IPv4 address on each of the links configured with IPv4 addresses; whatever doesn't work, fix it (either no standby IPv4 is configured for that link, either there's a layer 2 issue and the two boxes don't see each other at layer 2 over that segment).

The above tests will validate the HA and control-plane readiness only, data plane can only be checked upon a failover.

Once all of the above tests have passed, it means everything should work upon a failover, so you can safely trigger a manual failover to test data plane as well (validate everything works as expected, afterwards failover back again). 

You can make use of the following document as a guide:

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html

Thanks,

Cristian.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card