Chapter 14
Configuring Failover
•
Disabling Failover
To disable failover, enter the following command:
hostname(config)# no failover
Disabling failover on an Active/Standby pair causes the active and standby state of each unit to be
maintained until you restart. For example, the standby unit remains in standby mode so that both units
do not start passing traffic. To make the standby unit active (even with failover disabled), see the
"Forcing Failover" section on page
Disabling failover on an Active/Active pair causes the failover groups to remain in the active state on
whichever unit they are currently active on, no matter which unit they are configured to prefer. The no
failover command should be entered in the system execution space.
Restoring a Failed Unit or Failover Group
To restore a failed unit to an unfailed state, enter the following command:
hostname(config)# failover reset
To restore a failed Active/Active failover group to an unfailed state, enter the following command:
hostname(config)# failover reset group group_id
Restoring a failed unit or group to an unfailed state does not automatically make it active; restored units
or groups remain in the standby state until made active by failover (forced or natural). An exception is a
failover group configured with the preempt command. If previously active, a failover group becomes
active if it is configured with the preempt command and if the unit on which it failed is the preferred
unit.
Monitoring Failover
When a failover occurs, both security appliances send out system messages. This section includes the
following topics:
•
OL-10088-01
hostname# no failover active
For Active/Active failover:
Enter the following command in the system execution space of the unit where the failover group is
in the standby state:
hostname# failover active group group_id
Or, enter the following command in the system execution space of the unit where the failover group
is in the active state:
hostname# no failover active group group_id
Entering the following command in the system execution space causes all failover groups to become
active:
hostname# failover active
Failover System Messages, page 14-48
14-46.
Cisco Security Appliance Command Line Configuration Guide
Controlling and Monitoring Failover
14-47