Configure Standby IP Addresses and Interface Monitoring

For each interface, set a standby IP address. Although recommended, the standby address is not required. Without a standby IP address, the active unit cannot perform network tests to check the standby interface health; it can only track the link state.

By default, monitoring is enabled on all physical interfaces, for the Firepower 1010 and Secure Firewall 1210/1220 all VLAN interfaces, with logical names configured. You might want to exclude interfaces attached to less critical networks from affecting your failover policy. Firepower 1010 and Secure Firewall 1210/1220 switch ports are not eligible for interface monitoring.

Procedure

Step 1

Choose Devices > Device Management.

Step 2

Next to the device high-availability pair you want to edit, click the Edit (edit icon).

Step 3

Click the High Availability tab.

Step 4

In the Monitored Interfaces area, click the Edit (edit icon) next to the interface you want to edit.

Step 5

Check the Monitor this interface for failures check box.

Step 6

On the IPv4 tab, enter the Standby IP Address.

This address must be a free address on the same network as the active IP address.

Step 7

If you configured the IPv6 address manually, on the IPv6 tab, click the Edit (edit icon) next to the active IP address, enter the Standby IP Address, and click OK.

This address must be a free address on the same network as the active IP address. For autogenerated and Enforce EUI 64 addresses, the standby address is automatically generated.

Step 8

Click OK.