

Cisco ASA HA Active Standby Query

Posted on 2011-09-23
Medium Priority
Last Modified: 2012-05-12

My firewall pairs are currently set to Active / Standby

Could I manually flip the standby firewall to be active and the active to be standby by power cycling the firewalls in sequence, standby first then active?

Would the previously active firewall try to become active when it comes online, or will it stay passive till it's forced to go active in another sequence power cycle the next week?

Question by:OnaIt
LVL 79

Assisted Solution

lrmoore earned 200 total points
ID: 36586206
Yes, you can manually cause the failover.
No, they don't automatically fail back. As long as one is active and one is standby it doesn't really care which one is which.
LVL 16

Accepted Solution

InteraX earned 200 total points
ID: 36586243
If you want to manually fail between the devices without power cycling, you can issue the following from privileged exec mode on the standby.

failover active

You can also issue the no form of the command on the active firewall.


Author Comment

ID: 36586309
Thank you for the response, guys.

The problem we have (discussed in the past on EE) is that when the active fails, the standby takes over fine.
But when we fall back from standby to active (failover to how it originally was), both firewalls drop all sessions, and we have to end up going on site, switching off and powering up the firewalls in sequence.

All our HA code looks fine and the debugs don't show anything.

Our ISP is performing planned maintenance which falls in the working day time zone of a client we service, so we just wanted to flip firewalls around manually by power cycling them on either weekends of the outage so our customers don't experience any outage.

So the ISP outage on the active feed is on a Monday; the plan is to go in on and flip the firewalls around,
i.e. force standby to become active and active to become standby.
The ISP's maint on their active link won't affect us.
The following weekend we could go in and flip the firewalls back as they were before.

Hope this makes sense
LVL 16

Expert Comment

ID: 36586783
It makes sense, but if you are having problems with failover, do the software versions match exactly? I know Cisco say that only the major and minor versions need to match, but if you have different releases on the 2 boxes, this may be the cause of the problems you are seeing. Also, which version of software are you running? It may be that there is a bug that is fixed in a newer release. You could take the opportunity of visiting site to upgrade the software if necessary. Have you checked the Cisco bug tool?
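
A pre-flight check for the manual switch discussed in the answers above, as an added example that is not part of the original thread: it parses `show failover` output and lists reasons to hold off before issuing `failover active`. The sample output, version numbers and addresses are constructed, and the line patterns assume the usual `show failover` layout, which varies by ASA release.

```python
import re

# Constructed sample modeled on ASA "show failover" output (not from the thread).
# Exact layout varies by release, so the patterns below are assumptions.
SAMPLE = """\
Failover On
Failover unit Primary
Version: Ours 8.2(5), Mate 8.2(4)
        This host: Primary - Active
                Interface outside (192.0.2.1): Normal
                Interface inside (10.0.0.1): Normal
        Other host: Secondary - Standby Ready
                Interface outside (192.0.2.2): Normal
                Interface inside (10.0.0.2): Failed
Stateful Failover Logical Update Statistics
        Link : Unconfigured
"""

def preflight(show_failover: str) -> list[str]:
    """Return reasons not to run 'failover active' yet; an empty list means go."""
    problems = []
    if not re.search(r"^Failover On\s*$", show_failover, re.M):
        problems.append("failover is not enabled")
    # The thread's advice: releases should match exactly on both units.
    ver = re.search(r"Version:\s*Ours\s+(\S+),\s*Mate\s+(\S+)", show_failover)
    if not ver:
        problems.append("could not read software versions")
    elif ver.group(1) != ver.group(2):
        problems.append(f"version mismatch: ours {ver.group(1)}, mate {ver.group(2)}")
    # One unit must be Active and its peer Standby Ready before a manual switch.
    states = dict(re.findall(r"(This|Other) host:\s*\w+\s*-\s*(.+)", show_failover))
    roles = {states.get("This", "").strip(), states.get("Other", "").strip()}
    if roles != {"Active", "Standby Ready"}:
        problems.append(f"unexpected unit states: {sorted(roles)}")
    # Any monitored interface that is not Normal on either unit is a blocker.
    for name, status in re.findall(r"Interface (\S+) \([^)]*\):\s*(.+)", show_failover):
        if not status.startswith("Normal"):
            problems.append(f"interface {name} is {status.strip()}")
    # Without a stateful link, connection state is not replicated to the peer.
    link = re.search(r"^\s*Link\s*:\s*(.+)$", show_failover, re.M)
    if link and link.group(1).strip() == "Unconfigured":
        problems.append("stateful link unconfigured: sessions will not carry over")
    return problems

if __name__ == "__main__":
    for p in preflight(SAMPLE):
        print("HOLD:", p)
```
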

Author Comment

ID: 36587023
Everything is identical.
Have practically done everything possible but of no use.
Another problem we face is that since this is a production environment we can't have major testing outages. The only ones we negotiate are spent on system & SAN maintenance.
Thanks for your suggestion though.

Question has a verified solution.