Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
340
Views
0
Helpful
2
Replies

PIX failing over unexpectedly?

Go to solution
lalcantara
Level 1
Level 1

‎07-02-2007 10:54 AM - edited ‎03-11-2019 03:38 AM

Hello,

We have two PIX515E(failover via serial cable). Ever since we physically relocated the two firewalls, it's been failing over to secondary then back to primary. It happened three times within a span of three months. I verified that there was no trend in the timing of the failover, it just happens sporatically. We do not have Syslog setup yet, so I do not have any logs to attach.

This is what i get with the "sh failover" command:

****************

*PIX Firewall-1*

*//10.10.10.1//*

****************

Failover On

Cable status: Normal

Reconnect timeout 0:00:00

Poll frequency 15 seconds

Last Failover at: <time here> PDT <date here>

This host: Primary - Active

Active time: 39630 (sec)

Interface dmz1 (10.10.1.1): Normal

Interface inside (10.10.10.1): Normal

Interface dmz2 (10.10.2.1): Normal

Interface dmz3 (10.10.3.1): Normal

Interface dmz4 (10.10.4.1): Normal

Interface dmz5 (10.10.5.1): Normal

Other host: Secondary - Standby

Active time: 165180 (sec)

Interface dmz1 (10.10.1.2): Normal

Interface inside (10.10.10.2): Normal

Interface dmz2 (10.10.2.2): Normal

Interface dmz3 (10.10.3.2): Normal

Interface dmz4 (10.10.4.2): Normal

Interface dmz5 (10.10.5.2): Normal

Stateful Failover Logical Update Statistics

Link : Unconfigured.

****************

*PIX Firewall-2*

*//10.10.10.2//*

****************

Failover On

Cable status: Normal

Reconnect timeout 0:00:00

Poll frequency 15 seconds

Last Failover at: <time here> PDT <date here>

This host: Secondary - Standby

Active time: 165180 (sec)

Interface dmz1 (10.10.1.2): Normal

Interface inside (10.10.10.2): Normal

Interface dmz2 (10.10.2.2): Normal

Interface dmz3 (10.10.3.2): Normal

Interface dmz4 (10.10.4.2): Normal

Interface dmz5 (10.10.5.2): Normal

Other host: Primary - Active

Active time: 39630 (sec)

Interface dmz1 (10.10.1.1): Normal

Interface inside (10.10.10.1): Normal

Interface dmz2 (10.10.2.1): Normal

Interface dmz3 (10.10.3.1): Normal

Interface dmz4 (10.10.4.1): Normal

Interface dmz5 (10.10.5.1): Normal

Stateful Failover Logical Update Statistics

Link : Unconfigured.

I was wondering if anyone had any ideas why this is happening.

Thanks,

-Lee

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JBDanford2002
Level 1
Level 1

‎07-02-2007 03:08 PM

Possibly one of the connected interfaces is losing connectivity to the other PIX. What other devices are connected? Do you have logging on them? Maybe spanning tree problems etc...

View solution in original post

0 Helpful
2 Replies 2

Go to solution
JBDanford2002
Level 1
Level 1

‎07-02-2007 03:08 PM

Possibly one of the connected interfaces is losing connectivity to the other PIX. What other devices are connected? Do you have logging on them? Maybe spanning tree problems etc...

0 Helpful

Go to solution
lalcantara
Level 1
Level 1
In response to JBDanford2002

‎07-03-2007 11:58 AM

How simple was that! A few switch ports that the PIX interfaces was plugged into was negotiating incorrectly(duh!). There was a huge amount of collisions/late collisions and deferred packet losses. So I just forced the duplex & speed on the switch ports, until now there are no reported collisions.

Thank you!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card