PIX failover II.

Unanswered Question
Jul 10th, 2007

Hi all,

Id like to consult second problem

with our failover with PIXs 525 and PIXOS 7.0.4. Both are connected with serial cable and dedicated ethernet cable.

Problem is:

When I disconnect one interface on

Primary-Active PIX than other one takes

role. But when I connect interface back I see on primary one (CLI command show failover) that it is secondary and one which was secondary is primary. But active is now the same as before but is signed as secondary. Cable is placed correctly..primary side on primary and secondary side on failover (secondary).

Any idea?



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Tue, 07/10/2007 - 04:25

Hi Jl

This is normal behaviour for the pix with failover. The secondary will be active if it sees the pix primary goes down. But when the prinary comes back up it will not take over as the primary, it will assume the role of secondary.

It is not a problem.



johnleeee Tue, 07/10/2007 - 06:08

Hi Jon,

thanks for info....but why PIX before Primary

and now Secondary is Secondary-Active?

Why they don?t change only state Active ..Standby. But they change Secondary and Primary

roles. I thought that serial cable determine roles and this don?t change.



Jon Marshall Tue, 07/10/2007 - 06:17

Hi Jl

The cable does determine which is primary and which is secondary and as you point out if you connect the cable the wrong way round failover will not work.

But the firewall coming back up does not preempt the active firewall. Thinking of primary and secondary can be a bit misleading in this sense. Think of it as active and standby. Either firewall can be active or standby.


johnleeee Tue, 07/10/2007 - 23:59

Hi all,

thanks for an advice. Now Im knowledgeabled.

I entered the command failover active and everything is like before. Fine.



This Discussion