Firepower Threat Defense High Availability

A high availability (HA), or failover configuration, joins two devices into a primary/secondary setup so that if the primary device fails, the secondary automatically takes over. Configuring high availability, also called failover, requires two identical FTD devices connected to each other through a dedicated failover link and, optionally, a state link. The health of the active unit (hardware, interfaces, software, and environmental status) is monitored to determine if specific failover conditions are met. If those conditions are met, failover occurs. This helps keep your network operation in case of a device failure or during a maintenance period when the devices are upgrading. See the related articles below for more information. 

The units form an active/standby pair, where the primary unit is the active unit and passes traffic. The secondary (standby) unit does not actively pass traffic, but synchronizes configuration and other state information from the active unit. The two units communicate over the failover link to determine the operating status of each unit.

Note: When you opt to read from or deploy to an FTD HA pair, you are reading from or deploying to the active device of the HA pair.

Related Articles:

• Failover and Stateful Link for Firepower Threat Defense High Availability
• Firepower Threat Defense High Availability Pair Requirements
• Create a Firepower Threat Defense High Availability Pair
• Onboard a Firepower Threat Defense High Availability Pair
• Firepower Threat Defense High Availability Status Page
• Break Firepower Threat Defense High Availability
• Firepower Threat Defense High Availability Failover History
• Refresh the Firepower Threat Defense High Availability Status
• Force a Failover on a Firepower Threat Defense High Availability Pair
• Read Configuration Changes from FTD to Defense Orchestrator
• Deploy Configuration Changes from Defense Orchestrator to FTD