Skip to content

How to Configure Failover on Cisco ASA Firewall

Configuring a Cisco ASA firewall to achieve resiliency is straightforward. Implementing the failover feature in the firewall to be on Active Standby mode can achieved by the following commands.

Please note that it is not recommended to use the Management interface for failover purposes, especially for stateful failover in which the security appliance constantly sends the connection information from one security appliance to the other.

Furthermore, we have to consider the future implication of using such Management Interface, as you may be want to create a completely new network for the Out Of Bound (OOB) access where the Management Interface on each device will participate. Therefore, using a Management Interface might cause design issues in the future.

On this example below, I will be using GigabitEthernet0/5 on both devices as the Failover interface.

Primary

Secondary

Once you have the configuration in place, you should see the following message.

comments powered by Disqus