Cisco Security Appliance

Failover
Today, most businesses rely heavily on critical application servers that support the
business process. The interruption of these servers due to network device failures or other
causes has a great financial cost, not to mention the irritation such an interruption causes
in the user community. With this in mind, Cisco has designed most of its devices,
including the Security Appliance products (models 515 and up), such that they can be
configured in a redundant or highly available configuration.

The failover feature makes the Cisco Security Appliance a highly available firewall
solution. The purpose of this feature is to ensure continuity of service in case of a failure
on the primary unit.

The failover process requires two Security Appliances—one primary (active mode) and
one secondary (active or standby mode). The idea is to have the primary Security
Appliance handle all traffic from the network and to have the secondary Security
Appliance wait in standby mode in case the primary fails, at which point it takes over
the process of handling all network traffic. With version 7.0 of the Security Appliance
software, the second Security Appliance can stay in an active mode, allowing both
appliances to act as separate firewalls while each serves as a failover for the other. If a
primary (active) unit fails, the secondary Security Appliance changes its state from
standby mode to active (unless the appliances are in active-active mode), assumes the IP
address and MAC address of the previously active unit, and begins accepting traffic for
it. The new standby unit assumes the IP address and MAC address of the unit that was
previously the standby unit, thus completing the failover process.