Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
410
Views
0
Helpful
2
Replies

Failover Communication

haithamnofal
Level 3
Level 3

‎05-05-2007 11:03 AM - edited ‎03-11-2019 03:09 AM

Hi,

I am reviewing the PIX config of my client who is configuring deny ip any any ACL on the failover interface between the 2 failover units!!

I was confused of this configuration and just would like to check if this will deny the stateful information flow b/ the 2 firewalls?

Please advise!

Regards,

Haitham

Labels:
0 Helpful
2 Replies 2

joshua.walton
Level 1
Level 1

‎05-12-2007 06:38 PM

There should be NO ACL. Don't use a crossover ethernet cable or fiber to connect the two failover LAN interfaces. Instead, each interface should connect to a switch port so that the link status is always up to one firewall interface if the other firewall interface fails. Otherwise, both units sense a link-down condition and assume that their interfaces have a failover.

Yes, a crossover will work; but it isnt a best practice.

Please rate if you are satisfied.

Cheers!

0 Helpful

Patrick Iseli
Level 7
Level 7
In response to joshua.walton

‎05-12-2007 07:37 PM

Even if there is a ACL that has a deny any any on that failover link interfaces then the failover communication still works.

But personaly I prefer to remove it !

sincerely

Patrick

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card