The following shows how to configure stateful LAN-based failover.
Primary
(config)#interface eth0
(config-if)#nameif inside
(config-if)#ip add 10.1.1.10 255.255.255.0 standby 10.1.1.20
(config)#interface eth1
(config-if)#no nameif
(config-if)#no shut
(config)#interface eth2
(config-if)#no nameif
(config-if)#no shut
(config)#failover
(config)#failover lan unit primary
(config)#failover lan interface failover eth1
(config)#failover lan enable
(config)#failover key <key>
(config)#failover link state eth2
(config)#failover interface ip failover 172.16.50.10 255.255.255.0 standby 172.16.50.20
(config)#failover interface ip state 172.16.51.10 255.255.255.0 standby 172.16.51.20
Secondary
(config)#failover
(config)#failover lan unit secondary
(config)#failover lan interface failover eth1
(config)#failover lan enable
(config)#failover key <key>
(config)#failover interface ip failover 172.16.50.10 255.255.255.0 standby 172.16.50.20
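Added example (not part of the original post): a small Python check that compares the failover settings of the two units and flags values that must agree, such as the failover link port, the shared key and the link addressing. The sample configs, the key EXAMPLE-KEY and the function names parse and audit are constructed for illustration.

```python
import ipaddress
import re

# Constructed configs modelled on the two units above; the key is a placeholder and
# the secondary has deliberate faults (different link port, no key, standby off-subnet).
PRIMARY = """\
(config)#failover lan interface failover eth1
(config)#failover key EXAMPLE-KEY
(config)#failover interface ip failover 172.16.50.10 255.255.255.0 standby 172.16.50.20
(config)#failover interface ip state 172.16.51.10 255.255.255.0 standby 172.16.51.20
"""
SECONDARY = """\
(config)#failover lan interface failover eth2
(config)#failover interface ip failover 172.16.50.10 255.255.255.0 standby 172.16.5.20
"""

def parse(cfg):
    """Collect one unit's failover settings; a leading CLI prompt is ignored."""
    unit = {"ips": {}}
    for line in cfg.splitlines():
        w = re.sub(r"^\s*\([\w-]+\)#", "", line).split()
        if w[:3] == ["failover", "lan", "interface"] and len(w) == 5:
            unit["link"] = (w[3], w[4])             # (logical name, physical port)
        elif w[:2] == ["failover", "key"] and len(w) == 3:
            unit["key"] = w[2]
        elif w[:3] == ["failover", "interface", "ip"] and len(w) == 8:
            unit["ips"][w[3]] = (w[4], w[5], w[7])  # active IP, mask, standby IP
    return unit

def audit(primary_cfg, secondary_cfg):
    """Return findings for failover settings that must agree on both units."""
    p, s = parse(primary_cfg), parse(secondary_cfg)
    out = []
    if p.get("link") != s.get("link"):
        out.append(f"link: failover interface differs: {p.get('link')} vs {s.get('link')}")
    if not p.get("key") or p.get("key") != s.get("key"):
        out.append("key: failover key missing or not identical on both units")
    name = p.get("link", ("failover",))[0]
    if p["ips"].get(name) != s["ips"].get(name):
        out.append(f"ip: addresses of the '{name}' link differ between units")
    for role, unit in (("primary", p), ("secondary", s)):
        for ifname, (active, mask, standby) in unit["ips"].items():
            net = ipaddress.ip_network(f"{active}/{mask}", strict=False)
            if ipaddress.ip_address(standby) not in net:
                out.append(f"subnet: {role} '{ifname}' standby {standby} is outside {net}")
    return out

if __name__ == "__main__":
    print("\n".join(audit(PRIMARY, SECONDARY)))
```

The key check matters beyond pairing: without a failover key, everything sent over the failover links, including the replicated configuration, crosses the wire in clear text.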
Useful Commands
sh failover state
sh failover interface
sh monitor-interface
monitor-interface
no failover active
failover active
Further information can be found here