Break a high availability pair when active or standby unit has lost connectivity
This task breaks a high availability pair when communication issues prevent normal failover operations between the active and standby units.
Problem: One of the peers has lost connectivity with Cloud-Delivered Firewall Management Center, and the failover link has become non-operational.
|
Primary Device State |
Secondary Device Stat |
Primary Device Connectivity with Security Cloud Control? |
Secondary Device Connectivity with ?Security Cloud Control |
Failover link Operational? (Connectivity between Primary and Secondary devices) |
|---|---|---|---|---|
|
Active |
Standby |
Yes |
No |
No |
|
Standby |
Active |
No |
Yes |
No |
Solution:
First, you can try rectifying the failover interface to restore the communication between the two peers and then perform the break or force break operation to separate the units.
If you cannot repair the connectivity issues of the failover interface, then you must complete additional steps using the device CLI after performing a high availability break operation.
Procedure
Step 1 | In the Security Cloud Control navigation bar, click Security Devices. |
Step 2 | Click the Devices tab to locate your device. |
Step 3 | Click the FTD tab and select the primary device. |
Step 4 | In the Management pane on the left, click High Availability. |
Step 5 | Choose Devices > Device Management. |
Step 6 | Next to the high-availability pair you want to break, click the Break HA. |
Step 7 | Optionally, you can also check the check box to force break as one of the peers does not respond. |
Step 8 | Click Yes. |
Step 9 | Delete the standby device from Security Cloud Control.
|
What to do next
You can onboard the device as a standalone device to Security Cloud Control if required.