Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
325
Views
1
Helpful
2
Replies

Configuring HA on two FPR-1010s and connecting them together

Carlton
Level 1
Level 1

‎06-12-2023 04:16 PM

Will two FPR-1010s connect to each other with no issues if one of the FPRs does not use the command listed below? Also, I'm going to apply the High Availability config individually to both devices first and connect them to each other afterwards. Anyone have experience on this topic. Any advice would help, thanks.

 

failover lan unit primary  <---------------------COMMAND

Labels:
2 Replies 2

Marius Gunnerud
VIP
VIP

‎06-13-2023 03:37 AM

What software are the FTD1010 devices running? (ASA or FTD) and what software version are both running?

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

MHM Cisco World
VIP
VIP

‎06-13-2023 03:43 AM - edited ‎06-13-2023 03:46 AM

I dont get your Q totally 
but 
you can config each FRP then connect failover link, after that each FRP detect mate and the election process is start and win will be the ACTIVE of FW HA

from cisco Doc. 

Primary/Secondary Roles and Active/Standby Status

When setting up Active/Standby failover, you configure one unit to be primary and the other to be secondary. During configuration, the primary unit's policies are synchronized to the secondary unit. At this point, the two units act as a single device for device and policy configuration. However, for events, dashboards, reports and health monitoring, they continue to display as separate devices.

The main differences between the two units in a failover pair are related to which unit is active and which unit is standby, namely which IP addresses to use and which unit actively passes traffic.

However, a few differences exist between the units based on which unit is primary (as specified in the configuration) and which unit is secondary:

  • The primary unit always becomes the active unit if both units start up at the same time (and are of equal operational health).

  • The primary unit MAC addresses are always coupled with the active IP addresses. The exception to this rule occurs when the secondary unit becomes active and cannot obtain the primary unit MAC addresses over the failover link. In this case, the secondary unit MAC addresses are used.

Active Unit Determination at Startup

The active unit is determined by the following:

  • If a unit boots and detects a peer already running as active, it becomes the standby unit.

  • If a unit boots and does not detect a peer, it becomes the active unit.

  • If both units boot simultaneously, then the primary unit becomes the active unit, and the secondary unit becomes the standby unit.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card