Network technologies and trends

Sep 24 2016   6:31PM GMT

Cisco ASA FirePOWER Services and  High Availability – Series 1

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

Tags:
Arp
Cisco Firewall
Dynamic Routing
Failover
firewall
NAT
Routing
Syslog
TCP
UDP

The Cisco ASA Appliance  with FirePOWER Services is capable of offering high availability using failover and clustering. When it comes to failover , the Cisco ASA supports following types

  • Active/Standby
  • Active/ Active

The Cisco ASA Appliance  with FirePOWER Services when deployed in Active/Standby failover mode it offers device level redundancy. However only one unit of ASA appliance remains in active mode , where as the other ASA Appliance of the failover pair remain in standby mode.

Figure 1.1- ASA Active Stanby Mode

Figure 1.1- ASA Active Stanby Mode

The ASA Appliance in Active mode is responsible  for the following

  • Active unit accepts all the configuration commands from the user and replicate the same with Standby Unit.
  • All transit traffic is processed.
  • Applies security policies , build and tear down connections .
  • Synchronises all the connection information like global pool addresses, translation table for NAT, TCP/UDP states, ARP table and many other details with the standby unit provided its configured in Stateful failover mode.
  • Forwards all the syslog messages and Netflow Secure Event Logging (NSEL) to the destined event or log collector.
  • Participates in building and maintaining dynamic routing adjacencies with peer routing device

The standby device is not capable of processing any traffic it receives , it simply drops all the transit traffic and only accepts the management connections. The  Standby ASA Appliance becomes fully active automatically, provided that the active ASA appliance becomes less operational healthy than its peer.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: