Re: Path monitor

Knassi · ‎08-19-2024

I need to configure a path monitor between two cisco 2130 FTDs.
The goal is to monitor the traffic and kick in fail over if there is no traffic.
I have 2 screening firewalls in HA pair and 2 VPN firewalls in HA pail. Each VPN firewall is hanging on a screening firewall. I want
the path monitor between the screening firewall and the VPN firewall. The goal is for a VON firewall to fail over to the next if there
is no traffic between the primary screening firewall and the primary VPN firewall.

Can someone point to the right direction

MHM Cisco World · ‎08-19-2024

Instead of that try use

Failover interface-policy num

This make FTD failover when specific number of interface is down (this interface must be monitored)

MHM

ccieexpert · ‎08-19-2024

I would suggest you show a diagram and explain what is your end goal or requirement so we can provide the optimal solution.. there may be better solutions. why are you wanting to failover ? are these firewalls in two different locations ? when there is not firewall traffic are you saying that there is a potential connectivity loss ? have you considered just using a routing protocol ? Again trying to understand the use case, so we can better design this for you.

Knassi · ‎08-20-2024

MHM Cisco World · ‎08-20-2024

It not so accurate topolgy since OUT of both FTD not connect to SW but anyway

FW HA failover happened when

1- active is totally down

2- the num/percentage of monitoring interface is down

3- force fialover by run command

Point 3 can use with EEM but believe me it hard and not optimal

Point 2 can config and it work I think

MHM