Cisco ASA 5515-X Adaptive Security Appliance - No Payload Encryption: Important Safety Instructions

Q&A: On the ASA, when should the write standby
command be used and what happens when it is
used?
Document ID: 115999
Contributed by Magnus Mortensen, Michael Robertson, and Andrew
Ossipov, Cisco TAC Engineers.
Mar 25, 2013
Contents
Introduction
When should I issue the command write standby, and what issues could result if that command is used?
Related Information
Introduction
This document provides information on when the write standby command should be used and the effect of
the command.
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Q. When should I issue the command write standby, and what issues
could result if that command is used?
A. You almost never need to enter the command write standby. Here is some information to
help you better understand what happens when that command is used.
When you enter the write standby command, it causes the peer standby firewall to clear out
its configuration. Effectively it issues a clear config all command. This causes the standby to
erase its configuration within access control lists (ACLs), interfaces, and so on, and it
resynchronizes its full configuration from the active peer. In addition, while the configuration
is erased, all management sessions to the standby firewall are cleared. This happens because
the interfaces reinitialize. The standby CPU load may increase because of the need to
recompile the ACL data structures on the Adaptive Security Appliance (ASA) after the
configuration rebuilds and resynchronizes.
Note: This command does not actually issue a write memory command on the standby
firewall. The standby firewall's configuration is not written to flash memory after the
configuration is synchronized as noted in the ASA command reference for write standby. In
order to save the configuration on the standby firewall, enter the write memory command
from the active firewall. Refer to the Cisco ASA Series Command Reference, 8.4, 8.5, 8.6,
and 8.7 document for more information on write standby.
In general, the only time a write standby should be issued is if you have confirmed that the
standby firewall's operational configuration does not match the active firewall's configuration.
You should confirm that the configurations are out-of-sync. Enter the show run command
on both units and compare the results. The only difference should be the failover lan unit
command, which indicates a primary versus secondary.
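The comparison described above can be scripted against saved show run output from each unit. The following is an added example, not part of the Cisco document: the function names and sample configurations are constructed for illustration, and skipping ":" comment lines and the Cryptochecksum trailer as per-unit noise is an assumption of this example.

```python
import difflib

UNIT_CMD = "failover lan unit "

# Constructed sample output, not captured from a real appliance.
ACTIVE = """\
: Saved
hostname fw01
interface GigabitEthernet0/0
 nameif outside
 security-level 0
access-list OUTSIDE_IN extended permit tcp any host 198.51.100.10 eq 443
failover
failover lan unit primary
Cryptochecksum:00000000000000000000000000000000
"""
STANDBY_OK = ACTIVE.replace("primary", "secondary")
STANDBY_DRIFTED = "\n".join(
    l for l in STANDBY_OK.splitlines() if not l.startswith("access-list"))

def flatten(show_run):
    """Return (unit_role, entries); sub-commands are prefixed with their parent line."""
    role, entries, parent = None, [], ""
    for raw in show_run.splitlines():
        line, text = raw.rstrip(), raw.strip()
        # Assumption: ':' comment lines and the Cryptochecksum trailer are noise.
        if not text or text.startswith((":", "Cryptochecksum:")):
            continue
        if text.startswith(UNIT_CMD):      # the one difference the page expects
            role = text[len(UNIT_CMD):]
        elif line[0].isspace():            # indented sub-command, keep its context
            entries.append(f"{parent} > {text}")
        else:
            parent = text
            entries.append(text)
    return role, entries

def compare_peers(active_cfg, standby_cfg):
    """Return (in_sync, drift); '- ' is active-only, '+ ' is standby-only."""
    a_role, a = flatten(active_cfg)
    s_role, s = flatten(standby_cfg)
    drift = [d for d in difflib.ndiff(a, s) if d[:2] in ("- ", "+ ")]
    if {a_role, s_role} != {"primary", "secondary"}:
        drift.append(f"! unexpected unit roles: active={a_role} standby={s_role}")
    return not drift, drift

if __name__ == "__main__":
    ok, drift = compare_peers(ACTIVE, STANDBY_DRIFTED)
    print("in sync" if ok else "out of sync", *drift, sep="\n")
```

An empty drift list means the only difference is the failover lan unit command, so write standby is not needed.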