49-16
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 49 Configuring Failover
Failover Policies
Field Reference
Edit Failover Bridge Group Configuration Dialog Box
Use this dialog box to add a standby IP address to a failover bridge group.
Navigation Path
You can access the Edit Failover Bridge Group Configuration dialog box as follows:
On the Failover page presented for an individual security context in transparent mode on an ASA.
Table49-4 Advanced Settings Dialog Box
Element Description
Interface Policy
Select a failed-interfaces option and provide an appropriate value.
Number of failed interfaces When the number of failed monitored interfaces exceeds this value, the
security appliance fails over. Valid values range from 1 to 250.
Percentage of failed
interfaces
When the number of failed monitored interfaces exceeds this
percentage, the security appliance fails over.
Failover Po ll Time
These fields define how often hello messages are sent on the failover link, and how long to wait before
testing the peer for failure if no hello messages are received.
Unit Failover The amount of time between hello messages between failover units.
Enter a value between 1 and 15 seconds, or if msec is checked, between
500 and 999 milliseconds.
Unit Hold Time The amount of time to wait for a hello message on the failover link,
after which the unit begins testing for peer failure. Enter a value
between 3 and 45 seconds. This value must be at least three times the
Unit Failover value.
Monitored Interface The amount of time between polls among interfaces. Enter a value
between 3 and 15 seconds.
MAC Address Mapping
In Active/Standby mode, this table lists interface-virtual MAC address mappings. This is a standard
Security Manager table, with Add Row, Edit Row and Delete Row buttons, which are described in
Using Tables, page1-45.
To add or edit interface mappings, click the Add Row or Edit Row button to open the Add/Edit
Interface MAC Address Dialog Box, page 49-22.
Failover Groups
In Active/Active mode, this table lists both failover groups. To edit failover parameters for either
group, select it in the list and click the Edit Row button to open the Edit Failover Group Dialog Box,
page 49-24.
Bridge Group Configuration
In single-context transparent mode, this table lists all currently defined bridge groups (see Managing
Device Interfaces, Hardware Ports, and Bridge Groups, page 45-14). To add a standby IP address to a
bridge group, select it in the list and click the Edit Row button to open the Edit Failover Bridge Group
Configuration Dialog Box, page 49-16.