Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Configuring Active/Passive Cluster


In an active/passive configuration, the primary device propagates all its network and configuration settings and the current session information to the backup device. If the primary device fails, the backup device becomes the primary device and takes over the traffic processing.


When using a PPPoE connection to an ISP for Internet access, you can bind the PPPoE instance to a VSI interface. In the event of failover, this configuration enables the new master to use the same IP and PPPoE connection as the previous master. For details, see About Configuring PPPoE.

By default, the two cluster members are configured as active/passive after you add them to the cluster object. NSM automatically creates VSD group 0 and transforms physical interfaces into virtual security interfaces (VSIs) for VSD group 0.

To configure an active/passive cluster, you must:

  1. Cable two security devices together.
  2. Select automatic RTO synchronization.
  3. Select the ports that you want the devices to monitor, so that if they detect a loss of network connectivity from one of the monitored ports, the primary device fails over.