To receive packets from both units in a failover pair standby IP addresses need

address. To receive packets from both units in a failover pair, standby IP addresses need to be configured on all interfaces. Note Do not configure an IP address for the Stateful Failover link if you are going to use a dedicated Stateful Failover interface. You use the failover interface ip command to configure a dedicated Stateful Failover interface in a later step. hostname(config-if)# ip address active_addr netmask standby standby_addr Note In multiple context mode, you must configure the interface addresses from within each context. Use the changeto context command to switch between contexts. The command prompt changes to hostname/ context (config-if)# , where context is the name of the current context. Step 4(Optional) To enable Stateful Failover, configure the Stateful Failover link. a.Specify the interface to be used as Stateful Failover link. b.Assign an active and standby IP address to the Stateful Failover link. The standby IP address must be in the same subnet as the active IP address. You do not need to identify the standby IP address subnet mask. The Stateful Failover link IP address and MAC address do not change at failover except for when Stateful Failover uses a regular data interface. The active IP address always stays with the primary unit, while the standby IP address stays with the secondary unit. c. Enable the interface. hostname(config)# interface phy_if hostname(config-if)# no shutdown Step 5 Configure the failover groups. You can have at most two failover groups. The failover group command creates the specified failover group if it does not exist and enters the failover group configuration mode. For each failover group, you need to specify whether the failover group has primary or secondary preference using the primary or secondary command. You can assign the same preference to both failover groups. For load balancing configurations, you should assign each failover group a different unit preference.

11-26 Cisco Security Appliance Command Line Configuration Guide OL-8629-01 Chapter 11 Configuring Failover Configuring Failover The following example assigns failover group 1 a primary preference and failover group 2 a secondary preference: hostname(config)# failover group 1 hostname(config-fover-group)# primary hostname(config-fover-group)# exit hostname(config)# failover group 2 hostname(config-fover-group)# secondary hostname(config-fover-group)# exit Step 6 Assign each user context to a failover group using the join-failover-group command in context configuration mode.