Firewall Failover

Unanswered Question
May 14th, 2007

Hi,

I have 2 PIX firewalls in failover mode.

When I issue the show failover command, I get the following message:

ROKO# sh failover

Failover On

Cable status: Other side powered off

Reconnect timeout 0:00:00

Poll frequency 15 seconds

Last Failover at: 16:43:57 IST Sat May 12 2007

This host: Primary - Active

Active time: 155925 (sec)

Interface outside (10.59.23.1): Link Down (Waiting)

Interface inside (172.16.0.1): Normal (Waiting)

Interface dmz (192.168.100.1): Normal (Waiting)

Interface intf3 (0.0.0.0): Link Down (Shutdown)

Other host: Secondary - Standby

Active time: 0 (sec)

Interface outside (10.59.23.8): Unknown (Waiting)

Interface inside (172.16.0.8): Unknown (Waiting)

Interface dmz (192.168.100.8): Unknown (Waiting)

Interface intf3 (0.0.0.0): Unknown (Shutdown)

Stateful Failover Logical Update Statistics

Link : Unconfigured.

In the above, what is the meaning of

Cable status: Other side powered off

Secondly, when one firewall is in active mode and the other is in passive (failover mode), if I connect the console to the secondary firewall, which is in passive mode, will I be able to access the secondary firewall?

Please help me.

Thanks and Regards,

S.Venkataraman.

Jon Marshall Mon, 05/14/2007 - 01:54

Hi

This message indicates that the standby unit is actually powered down. Have you checked the status of the standby unit? Also, if this is not the issue, check the failover cable and, if possible, replace it.

If you connect the console to the secondary firewall, yes, you should be able to access the firewall. Be sure not to configure anything on this secondary firewall though. Config should always be done on the active.

HTH

Jon
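
As an added example that is not part of the thread or of any Cisco tooling: a small Python check that parses `show failover` output like the one quoted in the question and lists the cable status and interface states that need attention. The sample text is constructed from the question's output; treating `Normal` as the healthy value and skipping interfaces marked `(Shutdown)` are assumptions.

```python
import re

# Constructed sample: selected lines of the `sh failover` output quoted in the question.
SAMPLE = """\
Failover On
Cable status: Other side powered off
Poll frequency 15 seconds
This host: Primary - Active
Interface outside (10.59.23.1): Link Down (Waiting)
Interface inside (172.16.0.1): Normal (Waiting)
Other host: Secondary - Standby
Interface outside (10.59.23.8): Unknown (Waiting)
Interface inside (172.16.0.8): Unknown (Waiting)
Interface intf3 (0.0.0.0): Unknown (Shutdown)
"""

# "Interface <name> (<ip>): <state> (<monitor status>)"
IFACE = re.compile(r"Interface (\S+) \(([\d.]+)\): (.+?) \((\w+)\)$")

def parse_failover(text):
    """Return (cable_status, {unit: [(name, ip, state, monitor), ...]})."""
    cable, units, current = None, {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Cable status:"):
            cable = line.split(":", 1)[1].strip()
        elif line.startswith(("This host:", "Other host:")):
            current = line.split(":", 1)[0]   # "This host" or "Other host"
            units[current] = []
        elif current and (m := IFACE.match(line)):
            units[current].append(m.groups())
    return cable, units

def findings(text):
    """List every condition that differs from the assumed healthy state."""
    cable, units = parse_failover(text)
    out = []
    if cable is not None and cable != "Normal":   # assumption: "Normal" is healthy
        out.append(f"cable: {cable}")
    for unit, ifaces in units.items():
        for name, ip, state, monitor in ifaces:
            # Assumption: (Shutdown) interfaces are intentionally down, so skip them.
            if monitor != "Shutdown" and state != "Normal":
                out.append(f"{unit} {name} ({ip}): {state}")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```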

mbroberson1 Mon, 05/14/2007 - 07:40

Issue this command to sync the PIXes.

"write failover"

Regards,

Brandon

Lavanholy Mon, 05/14/2007 - 21:42

Hi Brandon,

I have checked the following:

1. Secondary PIX is powered ON.

2. Failover cable is checked and it is OK. When we remove the failover cable, show failover gives "not connected"; when we attach the failover cable, the cable status is "Powered Off". Is there any chance of a secondary PIX hardware issue?

3. Can I attach the console to the passive (secondary) PIX and get access to the PIX? (I will not change the configuration on the passive.)

4. Then the "write stand" is for writing the configuration changes of the active PIX to the passive PIX.

Please clarify.

Thanks and Regards,

S.venkataraman.
