Latest revision as of 02:45, 12 February 2024

HA/Redundancy

Manually failover a group to the peer firewall:

admin# changeto system
show failover
failover active group 2 (this makes the currently-logged-in firewall active for group 2)

Move context from group 2 to group 1:

Note: All groups must be on same firewall before you can move a context to another group.

admin# changeto system
# failover active group 2 (this fails group 2 traffic over to this firewall)
# conf t
(config)# context fw02
(config-ctx)# join-failover-group 1
(config-ctx)# end
# wr mem
# no failover active group 2 (this fails group 2 contexts back to other firewall)

# debug crypto condition peer 1.1.1.1

# debug crypto ikev2 protocol 127

# undebug all

@@ Line 13: / Line 13: @@
 ''Note: All groups must be on same firewall before you can move a context to another group.''
-<code>admin# changeto system</code>
+# <code>admin# changeto system</code>
+# <code># failover active group 2</code> ''(this fails group 2 traffic over to this firewall)''
-<code># failover active group 2</code> ''this fails group 2 traffic over to this firewall''
+# <code># conf t</code>
+# <code>(config)# context fw02</code>
-<code># conf t</code>
+# <code>(config-ctx)# join-failover-group 1</code>
+# <code>(config-ctx)# end</code>
-<code>(config)# context fw02</code>
+# <code># wr mem</code>
+# <code># no failover active group 2</code> ''(this fails group 2 contexts back to other firewall)''
-<code>(config-ctx)# join-failover-group 1</code>
-<code>(config-ctx)# end</code>
-<code># wr mem</code>
-<code># no failover active group 2</code> ''this fails group 2 contexts back to other firewall''
 =VPN=