Filter
Top Products
CHAPTER
49-1
User Guide for Cisco Security Manager 4.4
OL-28826-01
49
Configuring Failover
The Failover page provides access to failover settings for the selected security appliance. The available
settings and the overall appearance of the Failover page may change slightly, depending upon the type
of device selected, its mode of operation (routed or transparent), and its context mode (single or
multiple).
In other words, how you configure failover depends upon both the operating mode and the security
context of the security appliance.
Please note the following caveats when assigning an interface as a failover link:
• You can define the interface in the Add/Edit Interface dialog box, but do not configure it. In
particular, do not specify an interface Name, as this parameter disqualifies the interface from being
used as the failover link. See Managing Device Interfaces, Hardware Ports, and Bridge Groups,
page 45-14 for more information.
• IPv6 addresses are not supported for failover links.
• On an ASA 5505, an interface assigned as the backup for another interface cannot be used as a
failover link (although no checking is performed to prevent this).
• Do not assign a PPPoE-enabled interface as a failover link. PPPoE and Failover should not be
configured on the same device interface (although no checking is performed to prevent this).
• A failover interface cannot use the same IP address as another interface, especially the Management
IP address (although no checking is performed to prevent this).
Note also that after you assign an interface as a failover link, the interface is listed on the Interfaces page,
but you cannot edit or delete the interface from that page. The only exception is if you set a physical
interface to be the stateful failover link—you can configure its speed and duplex.
This chapter contains the following topics:
• Understanding Failover, page 49-1
• Basic Failover Configuration, page 49-5
• Additional Steps for an Active/Standby Failover Configuration, page 49-9
• Failover Policies, page 49-10
Understanding Failover
Failover lets you configure two identical security appliances such that one will take over firewall
operations if the other fails. Using a pair of security appliances, you can provide high system availability
without operator intervention.