How to configure the switch with FWSM for failover



The failover feature allows a standby Firewall Services Module (FWSM) to take over the functionality of a failed FWSM. The two FWSMs involved must have the same major (first number) and minor (second number) software version, license, and operating modes (routed or transparent, single or multiple context). When the active unit fails, its state changes to standby, while the standby unit moves into the active state. After a failover occurs, the same connection information is available at the new active unit.

The FWSM supports two types of failovers:

  • In a regular failover scenario, all active connections are dropped. Clients must re-establish connections when the new active module takes over.  

  • In a stateful failover during normal operation, the active module continually passes per-connection stateful information (for each context) to the standby module. The interval between stateful information updates is 10 seconds. If the module polltime is set greater than 10 seconds, then that interval is used.  

Issue the show failover command to view the current failover status.

For additional information, refer to these documents: