![]() The other unit can have a Failover Only (FO) license, a Failover Only Active-Active (FO_AA) license, or another UR license. On the PIX 500 series security appliance, at least one of the units must have an unrestricted (UR) license. See "Performing Zero Downtime Upgrades for Failover Pairs" section on page 41-6 for more information about upgrading the software on a failover pair. We recommend upgrading both units to the same version to ensure long-term compatibility. However, you can use different versions of the software during an upgrade process for example, you can upgrade one unit from Version 7.0(1) to Version 7.0(2) and have failover remain active. They have the same major (first number) and minor (second number) software version. The two units in a failover configuration must be in the operating modes (routed or transparent, single or multiple context). ![]() If it does not, configuration synchronization from the unit with the larger Flash memory to the unit with the smaller Flash memory will fail. ![]() If using units with different Flash memory sizes in your failover configuration, make sure the unit with the smaller Flash memory has enough space to accommodate the software image files and the configuration files. Note The two units do not have to have the same size Flash memory. They must be the same model, have the same number and types of interfaces, and the same amount of RAM. The two units in a failover configuration must have the same hardware configuration. License Requirements Hardware Requirements.This section contains the following topics: This section describes the hardware, software, and license requirements for security appliances in a failover configuration. Failover Times by Platform Failover System Requirements.This section includes the following topics: VPN failover available for Active/Standby failover configurations only. Note VPN failover is not supported on units running in multiple context mode. Active/Standby failover is available on units running in either single or multiple context mode.īoth failover configurations support stateful or stateless (regular) failover. With Active/Standby failover, only one unit passes traffic while the other unit waits in a standby state. Active/Active failover is only available on units running in multiple context mode. This lets you configure load balancing on your network. With Active/Active failover, both units can pass network traffic. Each failover configuration has its own method for determining and performing failover. The security appliance supports two failover configurations, Active/Active failover and Active/Standby failover. If those conditions are met, failover occurs. The health of the active interfaces and units is monitored to determine if specific failover conditions are met. The failover configuration requires two identical security appliances connected to each other through a dedicated failover link and, optionally, a Stateful Failover link. This chapter includes the following sections:įor failover configuration examples, see Appendix B, "Sample Configurations." Understanding Failover Note The ASA 5505 series adaptive security appliance does not support Stateful Failover or Active/Active failover. This chapter describes the security appliance failover feature, which lets you configure two security appliances so that one takes over operation if the other one fails. Restoring a Failed Unit or Failover Group.Displaying the Failover Commands in the Running Configuration.Configuring Failover Communication Authentication/Encryption.Configuring Optional Active/Active Failover Settings.Configuring LAN-Based Active/Active Failover.Configuring Cable-Based Active/Active Failover (PIX security appliance).Configuring Optional Active/Standby Failover Settings.Configuring LAN-Based Active/Standby Failover.Configuring Cable-Based Active/Standby Failover (PIX Security Appliance Only).Determining Which Type of Failover to Use.Active/Active and Active/Standby Failover.The Failover and Stateful Failover Links. ![]() Configuring an External Server for Security Appliance User Authorization.Managing Software, Licenses, and Configurations.Configuring Tunnel Groups, Group Policies, and Users.Configuring ARP Inspection and Bridging Parameters.Applying Application Layer Protocol Inspection.Configuring AAA Servers and the Local Database.Configuring DHCP, DDNS, and WCCP Services.Configuring Ethernet Settings and Subinterfaces.Configuring Interfaces for the Cisco ASA 5505 Adaptive Security Appliance.Getting Started and General Information. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |