49-2
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 49 Configuring Failover
Understanding Failover
The linked security appliances communicate failover information over a dedicated link. This failover link can be either a LAN-based connection or, on PIX security appliances, a dedicated serial failover cable. The following information is communicated over the failover link:
• Current failover state (active or standby)
• "Hello" messages (also called "keep-alives")
• Network link status
• MAC address exchange
• Configuration replication
• Per-connection state information, in the case of Stateful failover
Caution: All information sent over the failover link is sent in clear text unless you secure the communication with a failover key. If the security appliance is used to terminate VPN tunnels, this information includes any user names, passwords, and preshared keys used for establishing the tunnels. Transmitting this sensitive data in clear text could pose a significant security risk. We recommend securing failover communications with a failover key, particularly if you are using the security appliance to terminate VPN tunnels.
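As an added example (not code from the Cisco guide), the following Python script audits a saved ASA/PIX-style text configuration and flags a failover link that has no failover key, which is the condition the caution above warns about. Both configurations embedded in it are constructed samples; the interface names, addresses, pre-shared key and the 32-digit hex failover key are placeholders, and the `failover key hex` command form is the ASA CLI syntax as assumed here, so check it against your platform's command reference before copying it.

```python
"""Audit an ASA/PIX-style configuration for a failover link without a failover key.

Added example, not code from the Cisco guide. It parses a saved text
configuration and reports when failover communication (hello messages,
configuration replication, per-connection state) would cross the failover
link in clear text because no 'failover key' is configured.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: Active/Standby failover with a LAN failover link and a
# separate Stateful failover link, but no failover key. Interface names and
# addresses are placeholders, not taken from the guide.
WEAK_CONFIG = """\
hostname asa-primary
failover
failover lan unit primary
failover lan interface FOVER GigabitEthernet0/3
failover link STATE GigabitEthernet0/4
failover interface ip FOVER 10.0.99.1 255.255.255.252 standby 10.0.99.2
failover interface ip STATE 10.0.98.1 255.255.255.252 standby 10.0.98.2
crypto isakmp key S3cretPSK address 203.0.113.10
"""

# The same configuration with a failover key added (constructed sample; the
# 32-digit hex key is a placeholder and 'failover key hex' is the ASA CLI
# form assumed by this example).
HARDENED_CONFIG = WEAK_CONFIG + (
    "failover key hex 0123456789abcdef0123456789abcdef\n"
)


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    message: str


def parse_failover(config: str) -> Dict[str, object]:
    """Collect the failover facts the audit needs from a configuration text."""
    facts: Dict[str, object] = {
        "enabled": False,        # bare 'failover' line present
        "key": False,            # any 'failover key ...' line present
        "lan_interface": None,   # name of the LAN failover link
        "state_link": None,      # name of the Stateful failover link
        "vpn": False,            # appliance appears to terminate VPN tunnels
    }
    for raw in config.splitlines():
        line = raw.strip()
        if line == "failover":
            facts["enabled"] = True
        elif line.startswith("failover key"):
            facts["key"] = True
        elif line.startswith("failover lan interface "):
            facts["lan_interface"] = line.split()[3]
        elif line.startswith("failover link "):
            facts["state_link"] = line.split()[2]
        elif re.match(r"^(crypto isakmp key|crypto map|tunnel-group) ", line):
            facts["vpn"] = True
    return facts


def audit(config: str) -> List[Finding]:
    """Return findings for a cleartext failover link; an empty list means no issue."""
    facts = parse_failover(config)
    findings: List[Finding] = []
    if not facts["enabled"] or facts["key"]:
        return findings  # failover not in use, or the link is already keyed
    # Replicated configuration includes VPN pre-shared keys and credentials,
    # so a VPN terminator without a failover key is rated high.
    severity = "high" if facts["vpn"] else "medium"
    if facts["lan_interface"]:
        findings.append(Finding(
            severity,
            f"LAN failover link {facts['lan_interface']} carries configuration "
            "replication in clear text; configure 'failover key'"))
    if facts["state_link"]:
        findings.append(Finding(
            severity,
            f"Stateful failover link {facts['state_link']} carries per-connection "
            "state in clear text; configure 'failover key'"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, [(f.severity, f.message) for f in audit(cfg)])
```

Run it against a configuration exported from the device or from Security Manager; `show running-config` masks the key value but still emits a `failover key` line, which this check accepts as keyed. The script rates a missing key higher when the configuration also carries VPN material, since that is exactly the data the caution says would otherwise cross the link in clear text.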
Cisco security appliances support two types of failover:
• Active/Standby: The active security appliance inspects all network traffic, while the standby security appliance remains idle until a failure occurs on the active appliance. Changes to the configuration of the active security appliance are transmitted over the failover link to the standby security appliance.
  When failover occurs, the standby security appliance becomes the active unit and assumes the IP and MAC addresses of the previously active unit. Because other devices on the network do not see any change in the IP or MAC addresses, ARP entries do not change or time out anywhere on the network.
  Active/Standby failover is available to security appliances operating in single- or multiple-context mode. In single-context mode, only Active/Standby failover is available, and all failover configuration is done on the Failover page.
  Note: When using Active/Standby failover, you must make all configuration changes on the active unit. The active unit automatically replicates the changes to the standby unit. The standby unit should not be imported or added to the Security Manager device list. Also, you must manually copy the authentication certificate from the active device to the standby device. See Additional Steps for an Active/Standby Failover Configuration, page 49-9, for additional information.
• Active/Active: Both security appliances inspect network traffic, with the active and standby roles assigned on a per-context basis, so that each unit is active for some contexts and standby for the others. This means Active/Active failover is available only on security appliances operating in multiple-context mode.
  However, Active/Active failover is not required in multiple-context mode. That is, on a device operating in multiple-context mode, you can configure either Active/Standby or Active/Active failover. In either case, you provide system-level failover settings in the system context and context-level failover settings in the individual security contexts.
  See Active/Active Failover, page 49-3, for additional information about this topic.