Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
17023
Views
10
Helpful
6
Replies

ASA reboot

Go to solution
jm.virtual01
Level 1
Level 1

‎10-05-2017 05:27 AM - edited ‎03-12-2019 04:36 AM

In my network, i have ASA 5510 in pair, Active  and stand by. I want to  reboot this firewall without network downtime. Can someone suggest the process ?

I know about the force failover but want to make sure for that?

Can some one suggest step by sep process for this reboot process?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP
In response to jm.virtual01

‎10-05-2017 07:54 AM

If your failover is working correctly (and you have configured it as stateful failover) then the VPNs will keep working.
Check the output of "show failover" if everything is fine there.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Karsten Iwen
VIP
VIP

‎10-05-2017 07:43 AM

First: Why do you want to reboot? Is it for updating software?

In general:

  1. On the active ASA: Do a "failover reload-standby". This will reload the standby unit. Wait for the standby ASA to come back.
  2. Still on the active ASA: While there is no important communication, do a "no failover active". The other unit will take over the active role. You will lose the connectivity to your SSH-session here.
  3. Login again to the active ASA (which is the other ASA now) and also do a "failover reload-standby". Both ASAs are now reloaded.

Go to solution
jm.virtual01
Level 1
Level 1
In response to Karsten Iwen

‎10-05-2017 07:51 AM

During this process, what happen with active VPN session ? Will they be terminated or not ?

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to jm.virtual01

‎10-05-2017 07:54 AM

If your failover is working correctly (and you have configured it as stateful failover) then the VPNs will keep working.
Check the output of "show failover" if everything is fine there.
0 Helpful

Go to solution
Florin Barhala
Level 6
Level 6
In response to Karsten Iwen

‎07-27-2018 04:36 AM

Hi Karsten,

I have a quick question: for an Active-Active scenario how can I simply reboot both units without concern for network impact?
With Cisco stacking switches I can either reboot the stack or just one member of the stack. What about ASAs?

Thanks!
0 Helpful

Go to solution
Bogdan Nita
VIP Alumni
VIP Alumni
In response to Florin Barhala

‎07-27-2018 06:15 AM

Hi Florin,

The trick with active-active failover scenario is to make both failover groups active on the primary or secondary unit.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/111867-asa-failover-upgrade.html#Actact

 

HTH

Bogdan

Go to solution
Florin Barhala
Level 6
Level 6
In response to Bogdan Nita

‎08-01-2018 04:01 AM

I am mixing things here: ASA failover technology is distinct to stacking technology.
I did as Bogdan mentioned and rebooted one member at a time.
0 Helpful
Customers Also Viewed These Support Documents