07-27-2007 06:52 AM - edited 03-11-2019 03:50 AM
We have two PIX 525 firewalls running 6.3 in a stateful failover scenario.
If I am going to reboot the active firewall, would the correct process be to go to the active firewall and issue:
no failover active and reboot the device?
I think the inside interface is also in the stateful failover and I lose connection to the firewall when I do that.
I am unable to connect to the secondary firewall interfaces when it is not active.
Can you just reboot the active firewall with no problems?
07-27-2007 07:04 AM
Hi Wilson
You should be able to connect to the secondary firewall even when it is not active.
If you are sure your failover is working you can just reboot the active firewall although typing
"no failover active" on the primary
"failover active" on the secondary
will also do it.
What does the output of a "sh failover" tell you?
Jon
07-27-2007 07:43 AM
Everything is normal.
Failover is showing all normal on active and standby firewalls, but I cannot get to the standby firewall.
I have failed over the active firewall by:
"No failover active"
and it fails over properly with no problems, and fails back. The standby becomes active, and goes back, but I cannot get to that standby firewall either.
Does "no failover active" reboot the active firewall and cause the standby to be active, or just initiate the failover process?
07-27-2007 09:20 AM
Wilson
It should just initiate the failover process and not actually reboot the firewall.
So if you have a primary and secondary, the primary is 192.168.1.1 and the secondary is 192.168.1.2, you are saying you cannot telnet to 192.168.1.2?
Jon
07-27-2007 10:49 AM
Correct,
I don't see anything in the config that would prevent it.