66-11
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter66 Configuring Active/Standby Failover
Configuring Active/Standby Failover
Step2 To disable monitoring of a listed interface, uncheck the Monitored check box for the interface.
Step3 To enable monitoring of a listed interface, check the Monitored check box for the interface.
Configuring Failover Criteria
You can specify a specific number of interface or a percentage of monitored interfaces that must fail
before failover occurs. By default, a single interface failure causes failover.
Use the Configuration > Device Management > High Availability > Criteria tab to define criteria for
failover, such as how many interfaces must fail and how long to wait between polls. The hold time
specifies the interval to wait without receiving a response to a poll before unit failover.
For information about configuring the hold and poll times, see Configuring the Unit and Interface Health
Poll Times, page66-11.
To configure the interface policy, perform the following steps:
Step1 Choose the Configuration > Device Management > High Availability > Failover > Criteria tab.
Step2 In the Interface Policy area, do one of the following:
To define a specific number of interfaces that must fail to trigger failover, enter a number from 1 to
250 in the Number of failed interfaces field. When the number of failed monitored interfaces
exceeds the value you specify, the ASA fails over.
To define a percentage of configured interfaces that must fail to trigger failover, enter a percentage
in the Percentage of failed interfaces field. When the number of failed monitored interfaces exceeds
the percentage you set, the ASA fails over.
Step3 Click Apply.
Configuring the Unit and Interface Health Poll Times
The ASA sends hello packets out of each data interface to monitor interface health. The appliance sends
hello messages across the failover link to monitor unit health. If the ASA does not receive a hello packet
from the corresponding interface on the peer unit for over half of the hold time, then the additional
interface testing begins. If a hello packet or a successful test result is not received within the specified
hold time, the interface is marked as failed. Failover occurs if the number of failed interfaces meets the
failover criteria.
Decreasing the poll and hold times enables the ASA to detect and respond to interface failures more
quickly but may consume more system resources. Increasing the poll and hold times prevents the ASA
from failing over on networks with higher latency.
Step1 Choose the Configuration > Device Management > High Availability > Failover > Criteria tab.
Step2 To configure the interface poll and hold times, change the following values in the Failover Poll Times
area:
Monitored Interfaces—The amount of time between polls among interfaces. The range is between
1and 15 seconds or 500 to 999 milliseconds.
Interface Hold Time—Sets the time during which a data interface must receive a hello message on
the data interface, after which the peer is declared failed. Valid values are from 5 to 75 seconds.