49-3
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter4 9 Configuring Failover
Understanding Failover
In addition, failover can be stateless or stateful:
Stateless – Also referred to as “regular” failover. With stateless failover, all active connections are
dropped when failover occurs. Clients need to re-establish connections when the new active unit
takes over.
Stateful – The active unit in the failover pair continually passes per-connection state information to
the standby unit. When failover occurs, the same connection information is available on the new
active unit. Supported end-user applications are not required to reconnect to maintain the current
communication session.
See Stateful Failover, page 49-4 for more information.
Related Topics
Chapter 49, “Configuring Failover”
Basic Failover Configuration, page49-5
Failover Policies, page 49-10
Active/Active Failover
Active/Active failover is available only on security appliances operating in multiple-context mode. In an
Active/Active failover configuration, both security appliances inspect network traffic, on a per-context
basis. That is, for each context, one of the appliances is the active device, while the other is the standby
device.
The active and standby roles are assigned over the complete set of security contexts, more or less
arbitrarily.
To enable Active/Active failover on the security appliance, you must assign the security contexts to one
of two failover groups. A failover group is a simply a logical group of one or more security contexts.
You should specify failover group assignments on the unit that will have failover group 1 in the active
state. The admin context is always a member of failover group 1. Any unassigned security contexts are
also members of failover group 1 by default.
As in Active/Standby failover, each unit in an Active/Active failover pair is given a primary or secondary
designation. Unlike Active/Standby failover, this designation does not indicate which unit is active when
both units start simultaneously. Each failover group in the configuration is given a primary or secondary
role preference. This preference determines the unit on which the contexts in the failover group appear
in the active state when both units start simultaneously. You can have both failover groups be in the active
state on a single unit in the pair, with the other unit containing the failover groups in the standby state.
However, a more typical configuration is to assign each failover group a different role preference to make
each one active on a different unit, balancing the traffic across the devices.
Note To reliably manage security contexts in Active/Active failover mode, Cisco Security Manager requires
an IP address for the management interface of each context so that it can communicate directly with the
active security context of a failover pair.
Initial configuration synchronization occurs when one or both units start. This synchronization occurs
as follows:
When both units start simultaneously, the configuration is synchronized from the primary unit to the
secondary unit.