PIX stateful failover and external circuits

Answered Question
Feb 14th, 2007

Using a pair of PIX firewalls, OS ver 7.2, in a failover setup.

The outside interfaces of the two PIXes are connected to the provider on two separate circuits.

Provider claims that in such a configuration, stateful failover does not work, and we need to hook up a switch (or a couple switches) between the pair of PIXes and the two circuits.

Somehow that doesn't ring true to me. I thought stateful failover has nothing to do with the way the outside interfaces are hooked up.

Which way is it?

Can somebody point me to a document that supports either one version or the other?

mrinmoy.m Mon, 02/19/2007 - 20:31

Hi Dude...

Are you running the firewall in multiple context mode? What failover have you configured - Active/Active or Active/Standby?

In this scenario the firewalls are getting separate updates from different devices, and routing of the packet will also be different. You can't have different configurations on two firewalls operating in failover mode.

I am not sure whether you get such a scenario.



