Chapter 7. Increasing Firewall Availability with Failover

Refer to the following sections for information about these topics:

7-1: Firewall Failover Overview
Provides a concise reference of information about how Cisco Firewall Failover works.

7-2: Configuring Firewall Failover
Covers the steps needed to configure and use firewalls as a failover pair.

7-3: Firewall Failover Configuration Examples
Presents several complete examples of different types of failover configurations.

7-4: Managing Firewall Failover
Explains the commands you can use to verify failover operation and to manually intervene in the failover process.

7-5: Upgrading Firewalls in Failover Mode
Discusses a strategy for upgrading the operating system image on a failover pair of firewalls.

The previous chapters in this book explain how to configure a single Cisco firewall to inspect traffic and provide the necessary security policies in a network. As long as that firewall continues to run properly, has a continuous source of power, and has consistent network connectivity, it can offer reliable service. What happens when those conditions are less than perfect?

Cisco firewalls can be configured as failover pairs, allowing two physical firewall platforms to operate in tandem. The result is greater reliability, because one or both firewalls are always available for use. Firewall failover is possible in two forms:

Active-standby: One firewall takes on the active role, handling all the normal security functions. The other firewall stays in standby mode, ready to take over the active role in the event of a failure.

Active-active: Both firewalls can operate with one or more separate security contexts. For each context, one firewall can take on the active role, handling all the normal firewall functions for that context. The other firewall can take on the standby role for the context, waiting to take over the active role from its peer. The active and standby roles can be arbitrarily assigned across the whole set of security contexts. In this way, one firewall is active for one group of contexts, and the other firewall is active for another group.