This document provides information on when the write
standby command should be used and the effect of the
Q. When should I issue the command write standby, and what issues could
result if that command is used?
A. You almost never need to enter the command write
standby. Here is some information to help you better understand
what happens when that command is used.
When you enter the write standby command, it
causes the peer standby firewall to clear out its configuration. Effectively, it
issues a clear config all command. The standby erases its
configuration (access control lists (ACLs), interfaces, and so on) and then
resynchronizes its full configuration from the active peer. In addition, while
the configuration is erased, all management sessions to the standby firewall
are cleared, because the interfaces have reinitialized. The standby CPU load
may increase because of the need to recompile the ACL data structures on the
Adaptive Security Appliance (ASA) after the configuration rebuilds and
resynchronizes.
Note: This command does not actually issue a write
memory command on the standby firewall. As noted in the ASA command
reference for write standby, the standby firewall's configuration is not
written to flash memory after the configuration is synchronized. In order to
save the configuration on the standby firewall, enter the write memory
command from the active firewall. Refer to the
ASA Series Command Reference, 8.4, 8.5, 8.6, and 8.7 document for more
information on write standby.
In general, the only time a write standby
should be issued is if you have confirmed that the standby firewall's
operational configuration does not match the active firewall's configuration.
To confirm that the configurations are out of sync, enter the
show run command on both units and compare the
results. The only difference should be the failover lan
unit command, which indicates primary versus secondary.
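
The comparison described above can be scripted once the show run output from each unit has been saved as text. The following is an added example, not Cisco's code; the function names and the sample captures are constructed for illustration. It compares the two configurations in order, because ACL entry order is significant, and ignores only the failover lan unit line.

```python
import difflib

# Per the page, this is the one command expected to differ between the peers.
EXPECTED_DIFF = "failover lan unit"

def normalize(show_run_text):
    """Config lines in original order, minus blanks and the expected difference."""
    lines = []
    for raw in show_run_text.splitlines():
        line = raw.rstrip()  # keep leading indent: sub-commands are indented
        if line.strip() and not line.strip().startswith(EXPECTED_DIFF):
            lines.append(line)
    return lines

def config_drift(active_text, standby_text):
    """Ordered comparison; returns [] when the two units match."""
    active, standby = normalize(active_text), normalize(standby_text)
    matcher = difflib.SequenceMatcher(a=active, b=standby, autojunk=False)
    drift = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            drift += [("active-only", l) for l in active[i1:i2]]
            drift += [("standby-only", l) for l in standby[j1:j2]]
    return drift

# Constructed sample captures (not from a real device).
ACTIVE = """\
hostname fw-example
interface GigabitEthernet0/0
 nameif outside
 security-level 0
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended deny ip any any
failover
failover lan unit primary
"""
STANDBY_IN_SYNC = ACTIVE.replace("unit primary", "unit secondary")
# Same ACL entries in a different order: still a mismatch, since ACL order matters.
_acl = [l for l in ACTIVE.splitlines() if l.startswith("access-list")]
STANDBY_DRIFTED = STANDBY_IN_SYNC.replace("\n".join(_acl), "\n".join(reversed(_acl)))

if __name__ == "__main__":
    for name, standby in (("in sync", STANDBY_IN_SYNC), ("drifted", STANDBY_DRIFTED)):
        drift = config_drift(ACTIVE, standby)
        print(name, "->", "configurations match" if not drift else drift)
```

An empty result means the only difference was the failover lan unit line, so write standby is not needed.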