Menu
If you have a planned maintenance and you know you will hit your Failover LAN between two ASA’s in an Active/Standby configuration. If is very useful to temporary disable the Failover mechanism so the Standby firewall stays Standby and you don’t end up in a situation where you have two Active firewalls.
See full list on techspacekh.com. Oct 28, 2020 The Cisco ASA supports active-active and active-standby failover. NOTE When the active unit fails, it changes to the standby state while the standby unit changes to the active state. The unit that becomes active takes ownership of the IP addresses and MAC addresses of the failed unit. ASA Failover – Active Standby Active Standby failover means that two units are working in active – standby configuration where active state is always present on one of the failover pair. The other one is standby. Standby has identical configuration as active and pools an active unit with keep alive packets.
Below is an example output of the
show failover
output of an ASA 5520: (only relevant information is shown in this output)Now login to the Standby firewall and disable failover very easily via the
no failover
command in configuration mode:You can see on the output it adds
NoFailover
to the CLI prompt.We’re back on the Active unit and you can see the Secondary in Disabled where it was previously Standby Ready:
If your maintenance is finished, you should enable the failover mechanism again on the Standby node:
Active Standby Failover Asa Configuration
Now you’re done, check you Active/Standby status again, this should be the same as the first
show failover
command in this post.