The PIX Failover is fail

Unanswered Question
May 15th, 2007
User Badges:

Hello,

The PIXs are is FW2139 and FW2140. I am user "show failover" command, the PIX is below information.

FW2139

Failover On

Cable status: Normal

Failover unit Primary

Failover LAN Interface: N/A - Serial-based failover enabled

Unit Poll frequency 15 seconds, holdtime 45 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 2 of 250 maximum

Version: Ours 7.2(2)14, Mate 7.2(2)14

Last Failover at: 02:54:59 CST Apr 10 2007

This host: Primary - Active

Active time: 3638325 (sec)

Interface outside (202.144.208.222): Normal

Interface inside (172.25.2.9): Normal

Interface DCN (10.252.135.9): Normal (Not-Monitored)

Other host: Secondary - Standby Ready

Active time: 210 (sec)

Interface outside (202.144.208.212): Normal

Interface inside (172.25.2.14): Normal

Interface DCN (10.252.135.10): Normal (Not-Monitored)


Stateful Failover Logical Update Statistics

Link : state GigabitEthernet3 (Failed)


FW2140

Failover On

Cable status: Normal

Failover unit Secondary

Failover LAN Interface: N/A - Serial-based failover enabled

Unit Poll frequency 15 seconds, holdtime 45 seconds

Interface Poll frequency 5 seconds, holdtime 25 seconds

Interface Policy 1

Monitored Interfaces 2 of 250 maximum

Version: Ours 7.2(2)14, Mate 7.2(2)14

Last Failover at: 02:54:59 CST Apr 10 2007

This host: Secondary - Standby Ready

Active time: 210 (sec)

Interface outside (202.144.208.212): Normal

Interface inside (172.25.2.14): Normal

Interface DCN (10.252.135.10): Normal (Not-Monitored)

Other host: Primary - Active

Active time: 3638355 (sec)

Interface outside (202.144.208.222): Normal

Interface inside (172.25.2.9): Normal

Interface DCN (10.252.135.9): Normal (Not-Monitored)


Stateful Failover Logical Update Statistics

Link : state GigabitEthernet3 (up)

The FW2139 failover link is fail, but the FW2140 failover link is up.The PIXs are running PIX 7.2(2)14.Is the OS bug?

Please help me.

Thanks and Regards

Stephen

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
b.hsu Mon, 05/21/2007 - 06:09
User Badges:
  • Silver, 250 points or more

There are 2 failover functions that monitor the interface. The first just monitors the link status and the second monitors the connectivity including the link. The second is triggered when missing hello packets are seen on the interface. If the failover is due to the first function, then it will not show the device as failed. The only time you will see the "failed" state is if the interface itself fails and the missing hello packets start the traffic tests that fail. This should probably be changed.


Actions

This Discussion