Enabling http replication with stateful failover, Disabling and enabling interface monitoring – Cisco ASA 5505 User Manual
Page 1338
63-14
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 63 Configuring Active/Active Failover
Configuring Active/Active Failover
Enabling HTTP Replication with Stateful Failover
To allow HTTP connections to be included in the state information, you need to enable HTTP
replication. Because HTTP connections are typically short-lived, and because HTTP clients typically
retry failed connection attempts, HTTP connections are not automatically included in the replicated state
information.
You can use the replication http command to cause a failover group to replicate HTTP state information
when Stateful Failover is enabled.
Example
The following example shows a possible configuration for a failover group:
hostname(config)# failover group 1
hostname(config-fover-group)# primary
hostname(config-fover-group)# preempt 100
hostname(config-fover-group)# replication http
hostname(config-fover-group)# exit
Disabling and Enabling Interface Monitoring
You can control which interfaces affect your failover policy by disabling the monitoring of specific
interfaces and enabling the monitoring of others. This feature enables you to exclude interfaces attached
to less critical networks from affecting your failover policy.
You can monitor up to 250 interfaces on a unit. By default, monitoring physical interfaces is enabled and
monitoring subinterfaces is disabled.
Hello messages are exchanged during every interface poll frequency time period between the security
appliance failover pair. The failover interface poll time is 3 to 15 seconds. For example, if the poll time
is set to 5 seconds, testing begins on an interface if 5 consecutive hellos are not heard on that interface
(25 seconds).
Monitored failover interfaces can have the following status:
•
Unknown—Initial status. This status can also mean the status cannot be determined.
•
Normal—The interface is receiving traffic.
•
Testing—Hello messages are not heard on the interface for five poll times.
•
Link Down—The interface or VLAN is administratively down.
•
No Link—The physical link for the interface is down.
Command
Purpose
Step 1
failover group
{1 | 2}
Example:
hostname(config)# failover group 1
Specifies the failover group.
Step 2
replication http
Example:
hostname(config-fover-group)# replication
http
Enables HTTP state replication for the specified failover group.
This command affects only the failover group in which it was
configured. To enable HTTP state replication for both failover
groups you must enter this command in each group. This
command should be entered in the system execution space.