Hello @Brad_Shawh,

I am not sure why you want to do this, but you could configure an EEM on the ASA to reload the standby unit and then switch the failover.

failover exec standby reload /noconfirm

Best regards,

Rick

Should have been precise, I don't want to reload every week, but every 2 months or so (there are known "unknown" bugs with Cisco that only a reboot resolves)

I have about 50 sites, so that is 100 Firewalls to reload, and it is out of question to do it manually.

Also, I was worried, if after a reload, the secondary firewall does not come up, then reloading the only active firewall would be a problem.

I am sure there may not be, unless it be for a script, that the primary firewall reloads only if secondary firewall is 'Up' after a reload.

Do you have any specific bugs in mind?

If you really want to do this I would suggest writing a script which executes ssh commands (Netmiko for example).

The flow could be like this:

Log into ASA, reboot standby, ping secondary ASA IP and wait until it is back online (or even better monitor the show failover output to see a "Standby Ready"), then switch roles and reload the standby again.

Best regards,

Rick

Thank you very much. Can you point me to some documentation for the script please? I am not into scripting yet.

Yes, there are multiple bugs but I can only remember one for now. ASA 5516-x and Version 9.8(4.8). ASA looses some routing entries and keeps going after default route unless specific /32 routes are added. I raised a case with TAC and after analysis, they could find nothing. Everything worked after a reload (for 15-20 days) until it broke again.