How is your deployment, FP 4K series, can have multiple FTD instance can be used under 1 chassis.

give more information.

Hi,

" High Availability is Unsupported Features with Clustering" means that you cannot configure failover active-standby within the cluster or between cluster and non-cluster appliance.

Members within the cluster are providing active-active failover services as mentioned in the document "Clustering provides high availability by monitoring chassis, unit, and interface health and by replicating connection states between units".

In doc, it also states further: 

"When a unit in the cluster fails, the connections hosted by that unit are seamlessly transferred to other units; state information for traffic flows is shared over the control cluster link"

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_threat_defense_cluster_for_the_fxos_chassis.html

I would suggest restart the appliance one by one, you can start with any unit, master or slave. Wait for the restarted unit to come back, joined the cluster and then proceed with the second one.

@balaji.bandi 

Thanks for your comment.

Please find an output,

> show cluster info
Cluster XXX-XXX-XXX: On
Interface mode: spanned
This is "unit-1-1" in state MASTER
ID : 0
Site ID : 1
Version : 9.9(2)15
Serial No.: XXXXXXXXXXX
CCL IP : 0.0.0.0
CCL MAC : xxxx.xxxx.xxxx
Last join : XXXXX
Last leave: XXXXX
Other members in the cluster:
Unit "unit-2-1" in state SLAVE
ID : 1
Site ID : 1
Version : 9.9(2)15
Serial No.: XXXXXXXXXXX
CCL IP : 0.0.0.0
CCL MAC : xxxx.xxxx.xxxx
Last join : XXXXX
Last leave: XXXXX

@Muhammad Awais Khan 

Thanks for your comment.

We did reboot the slave device in the cluster, but we had a issue accessing internet till the slave device came up completely, but can't say the entire site is down only few of the connections didn't work, so guessing the connections handled by slave was stopped working.

We waited for almost 15 mins, the internet on the of the machine didn't work until the slave device came up, any thought on this?

The connections were dual-homed to Master-slave and part of ether-channel ? 

If it is part of ether-channel then there should no connection should have been disturbed at first place and if it happened then need more investigation.

If there are some connections on your appliances which are not part of port-channel and unique to each appliance then it is expected behavior. Those connections cannot be transfer.

@Muhammad Awais Khan 

Thanks for your input, it makes sense, let me verify the connections if it's part of Port-Channel.

Meanwhile do you have handy commands for cluster to check the configuration?

here is the guidelines on how to deploy Cluster 

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_threat_defense_cluster_for_the_fxos_chassis.html

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html

how is your deployment? FW in stick or inline mode?

inline mode for reference :

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200924-configuring-firepower-threat-defense-int.html