Placing a High-Availability Peer into Maintenance Mode

Access: Admin/Network Admin
Supported Domains: Any
Supported Devices: 7000 & 8000 Series
Classic License: Control
Smart License: N/A

After you establish a 7000 or 8000 Series device high-availability pair, you can manually trigger failover by
placing one of the peers into maintenance mode to perform maintenance on the devices. In maintenance mode,
the system administratively takes down all interfaces except for the management interface. After maintenance
is completed, you can re-enable the peer to resume normal operation.

Note: You should not place both peers in a high-availability pair into maintenance mode at the same time. Doing
so will prevent that pair from inspecting traffic.

Procedure

Step 1  Choose Devices > Device Management.

Step 2  Next to the peer you want to place in maintenance mode, click the toggle maintenance mode icon.

Step 3  Click Yes to confirm maintenance mode.

What to do next

• When maintenance is complete, click the toggle maintenance mode icon again to bring the peer out
of maintenance mode.

Replacing a Device in a Stack in a High-Availability Pair

Access: Admin/Network Admin
Supported Domains: Any
Supported Devices: Firepower 8140, 8200 family, 8300 family
Classic License: Control
Smart License: N/A

After you place a stack that is a member of a high-availability pair into maintenance mode, you can replace
a secondary device in the stack with another device. You can only select devices that are not currently stacked
or paired. The new device must follow the same guidelines for establishing a device stack.

7000 and 8000 Series Device High Availability

