With Cisco ASA active/standby failover, what is needed to enable subsecond failover?
A. Use redundant interfaces.
B. Enable the stateful failover interface between the primary and secondary Cisco ASA.
C. Decrease the default unit failover polltime to 300 msec and the unit failover holdtime to 900 msec.
D. Decrease the default number of monitored interfaces to 1.
Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa83/asdm63/configuration_guide/ha_active_standby.html
Configuring the Unit and Interface Health Poll Times
The adaptive security appliance sends hello packets out of each data interface to monitor interface
health. The appliance sends hello messages across the failover link to monitor unit health. If the
adaptive security appliance does not receive a hello packet from the corresponding interface on
the peer unit for over half of the hold time, then the additional interface testing begins. If a hello
packet or a successful test result is not received within the specified hold time, the interface is
marked as failed. Failover occurs if the number of failed interfaces meets the failover criteria.
Decreasing the poll and hold times enables the adaptive security appliance to detect and respond
to interface failures more quickly, but may consume more system resources. Increasing the poll
and hold times prevents the adaptive security appliance from failing over on networks with higher
latency.