cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
327
Views
0
Helpful
6
Replies

PIX failover II.

johnleeee
Level 1
Level 1

Hi all,

Id like to consult second problem

with our failover with PIXs 525 and PIXOS 7.0.4. Both are connected with serial cable and dedicated ethernet cable.

Problem is:

When I disconnect one interface on

Primary-Active PIX than other one takes

role. But when I connect interface back I see on primary one (CLI command show failover) that it is secondary and one which was secondary is primary. But active is now the same as before but is signed as secondary. Cable is placed correctly..primary side on primary and secondary side on failover (secondary).

Any idea?

BR

jl

6 Replies 6

Jon Marshall
Hall of Fame
Hall of Fame

Hi Jl

This is normal behaviour for the pix with failover. The secondary will be active if it sees the pix primary goes down. But when the prinary comes back up it will not take over as the primary, it will assume the role of secondary.

It is not a problem.

HTH

Jon

Hi Jon,

thanks for info....but why PIX before Primary

and now Secondary is Secondary-Active?

Why they don?t change only state Active ..Standby. But they change Secondary and Primary

roles. I thought that serial cable determine roles and this don?t change.

BR

jl

Hi Jl

The cable does determine which is primary and which is secondary and as you point out if you connect the cable the wrong way round failover will not work.

But the firewall coming back up does not preempt the active firewall. Thinking of primary and secondary can be a bit misleading in this sense. Think of it as active and standby. Either firewall can be active or standby.

Jon

timkaye
Level 1
Level 1

You will need to issue (from configuration mode)

the failover active command on the primary (standby) pix.

Simply telnet to the failover inside IP address and issue the command.

You will then loose your connection.

Hi all,

thanks for an advice. Now Im knowledgeabled.

I entered the command failover active and everything is like before. Fine.

jl

Glad to hear.

Likewise you could have just pulled a cable from the Secondary active to have failover fail back to the primary. :)

There is also an active light on the front to help determine which firewall is currently active.

Cheers

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: