Synchronizing the Primary and Secondary Firewalls

Configurations are synchronized from the active FWSM unit to the standby FWSM unit. The FWSM is configured with an initial set of commands for failover. The primary and secondary status for FWSM is defined in this initial set of commands (refer to Table 12-1 in the next section, "Monitoring Interfaces"). The FWSM becomes the primary firewall and its peer FWSM becomes the secondary or standby firewall, after enabling the initial set of failover commands. The standby FWSM will have failover commands, and the rest of the configurations are obtained from the primary FWSM. The secondary FWSM synchronizes with the primary FWSM. The synchronization can be triggered by the write standby command, which will copy the configuration from the primary FWSM to the secondary FWSM.

In multiple context mode, in a specific context in the primary FWSM, if write memory is executed, the primary FWSM copies the configuration to the secondary FWSM. The write memory must be executed per context level. Likewise, in the system context, if write memory all is executed, all the configurations from all the contexts are copied to the secondary FWSM. When using the write memory all command, it is not necessary to access each context for copying the configurations to the secondary FWSM.

