Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2678
Views
0
Helpful
7
Replies

testfailovergroup

spacemeb
Level 1
Level 1

‎02-10-2022 07:13 AM

Hello guys,

Just a quick question, how testfailovergroup command works?

I suspect we have issues with the failover, failover did not work. so I need to troubleshoot the issue.

I was thinking to execute testfailovergroup command but I don't want to have any downtime. is it safe? or it will perform failover once I execute it??

Labels:
0 Helpful
7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

‎02-10-2022 09:35 AM

First i would advise to understand your environmetn, is this configured HA with CARP (Common Address Redundancy Protocol)?

 

First check >failoverconfig - see you have group before you doing testfailovergroup

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

spacemeb
Level 1
Level 1

‎02-11-2022 02:11 AM - edited ‎02-11-2022 02:24 AM

Hello,

The profile is configured correctly, it works with CARP and  I see that my second device is the primary which is expected.

How testfailovergroup command works? 

The reason I ask is because when I did a failover two days ago, my network went down. The wsa01 did not undertake the traffic when the wsa02 was down.

On system logs, I saw the following: 

Warning: The following update to the interface failed: ifconfig nic1 x.x.x.x delete Reason: ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address

Warning: the following update to the interface failed:  interface carp12 does not exist.

Warning: The following update to the interface failed: route -n add -host localhost -interface lo0 Reason: add host localhost: gateway lo0 fib 0: route already in table

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to spacemeb

‎02-15-2022 06:34 AM

Do you have any high level diagram how this connected and network diagram.

 

https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/119188-technote-wsa-00.html

 

what is the  version you using ?  as per the message, it not taking failover process correctly

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

spacemeb
Level 1
Level 1
In response to balaji.bandi

‎02-16-2022 02:07 AM

Hello,

Unfortunately, we don't have a network diagram, they are directly connected via the hypervisor as far as I know (I have only access on security appliances, but I will tell to systems to check it to be certain).

The version is 14.0.1-053.

0 Helpful

spacemeb
Level 1
Level 1

‎02-15-2022 04:53 AM

Anyone?? 

0 Helpful

spacemeb
Level 1
Level 1

‎04-08-2022 12:44 AM

I did a test with testfailovergroup, it's just the packets that are transmitted between the proxies. If anyone wants to use it, there is no impact in the production. As for the issue described above, possibly it was something temporary(?), not received any complains about the failover link.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to spacemeb

‎04-08-2022 05:22 AM

thanks for the feedback and worked, we close this thread  now

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents