Cisco IOS Firewall Stateful Failover (CCIE Notes)

Stateful failover for the Cisco IOS firewall enables a router to continue processing and forwarding firewall session packets after a planned or unplanned outage occurs.

Stateful failover for the Cisco IOS firewall is designed to work in conjunction with Stateful Switchover (SSO) and Hot Standby Routing Protocol (HSRP).


  • The Cisco IOS firewall configuration that is on the active device must be duplicated on the standby device. The configuration information between the active and standby device is NOT automatically transferred, and the user is responsible for ensuring that the configuration matches on both devices.
  • The devices must be running the same Cisco IOS software.
  • Both router should be the same type of device, have the same CPU and memory.

