FTD High Availability

A high availability (HA), or failover configuration, joins two devices into a primary/secondary setup so that if the primary device fails, the secondary automatically takes over. Configuring high availability, also called failover, requires two identical FTD devices connected to each other through a dedicated failover link and, optionally, a state link. The health of the active unit (hardware, interfaces, software, and environmental status) is monitored to determine if specific failover conditions are met. If those conditions are met, failover occurs. This helps keep your network operation in case of a device failure or during a maintenance period when the devices are upgrading. See the related articles below for more information. 

The units form an active/standby pair, where the primary unit is the active unit and passes traffic. The secondary (standby) unit does not actively pass traffic, but synchronizes configuration and other state information from the active unit. The two units communicate over the failover link to determine the operating status of each unit.

Note: When you opt to read from or deploy to an FTD HA pair, you are reading from or deploying to the active device of the HA pair. 

Related Articles:

• Failover and Stateful Link for FTD High Availability
• FTD High Availability Pair Requirements
• Create a FTD High Availability Pair
• Onboard a FTD High Availability Pair
• FTD High Availability Status Page
• Break FTD High Availability
• FTD High Availability Failover History
• Refresh the FTD High Availability Status
• Force a Failover on a FTD High Availability Pair
• Upgrade a FTD High Availability Pair
• Reading, Discarding, Polling for, and Deploying Configuration Changes
• Read Configuration Changes from FTD to CDO
• Deploy Configuration Changes from Defense Orchestrator to FTD