Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Cisco ASA HA Active Standby Query

Posted on 2011-09-23
Medium Priority
Last Modified: 2012-05-12

My firewall pairs are currently set to Active / Standby

Could i manually flip the standby firewall to be active and the active to be standby by powercycling the firewall in sequence standby first then active

Would the previously active firewall try to become active when it comes online or will it stay passive till its forced to go active in another sequence powercycle the next week?

Question by:OnaIt
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 79

Assisted Solution

lrmoore earned 200 total points
ID: 36586206
Yes  you can manually cause the failover
No, they don't automatically fail back. As long as one is active and one is standby it doesn't really care which one is which.
LVL 16

Accepted Solution

InteraX earned 200 total points
ID: 36586243
If you want to manually fail between the devices without power cycling you can issue the following from pivilege exec mode on the standby.

failover active

You can also issue the no form of the command on the active firewall.


Author Comment

ID: 36586309
Thankyou for the response Guys

The problem we have (discussed in the past on EE) is that when the active fails the standby takes over fine
But when we fall back from standby to active (failover to how it originally was), both firewalls drop all sessions, and we have to end up going on site, switching off and powering up the firewalls in sequence

All our HA code looks fine and the debugs don’t show anything..

Our ISP is performing planned maintenance which falls in the working day time zone of a client we service so we just wanted to flip firewalls around manually by power cycling them on either weekends of the outage so our customers don’t experience any outage..

so the ISP outage on the active feed is on a Monday the plan is to go in on and flip the firewalls around
i.e. force standby to become active and active to become  standby.
The ISP's maint on their active link won’t affect us
the following weekend we could go in and flip the firewalls back as they were before

Hope this makes sense
LVL 16

Expert Comment

ID: 36586783
It makes sense, but if you are having problems with failover, do the software versions match exactly. I know cisco say that only the major and minor versions need to match, but if you have different releases on the 2 boxes, this may be the cause of the problems you are seeing. Also, which version of software are you running. It may be that there is a bug that is fixed in a newer release. You could take the oportunity of visiting site to upgrade the software if necessary. Have you checked the cisco bug tool?

Author Comment

ID: 36587023
Everything is identical
have practically done everything possible but of no use
another problem we face is that since this is a production enviroment we cant have major testing outages. The only ones we negotiate are spent on system & SAN maintainance.
Thanx for ur suggestion though.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question