PIX 525 statefull failover reboot process

wilson_1234_2 · ‎07-27-2007

We have two PIX 525 firewalls running 6.3 in a stateful failover scenario.

If I am foing to reboot the active firewall, would the correct process be to go to the active firewall and issue:

no failover active and reboot the device?

I think the inside Iterface is also in the stateful failover and I loose connection to the firewall whne I do that.

I am unable to connect to the secondary firewall interfaces when it is not active.

Can you just reboot the active firewall with no problems?

Jon Marshall · ‎07-27-2007

Hi Wilson

You should be able to connect to the secondary firewall even when it is not active.

If you are sure your failover is working you can just reboot the active firewall although typing

"no failover active" on the primary

"failover active" on the secondary

will also do it.

What does the output of a "sh failover" tell you.

Jon

wilson_1234_2 · ‎07-27-2007

Everything is normal.

Failover is showing all normal on active and standby firewalls, but I cannot get to the standby firewall.

I have failed over the active firewall by:

'No failover active"

and it fails over properly with no problems, and fails back. The standby becomes active, and goes back, but I cannot get to that stand by firewall either.

Does "no failover active" reboot the active firewall and cause the standby to be active, or just initiate the failover process?

Jon Marshall · ‎07-27-2007

Wilson

It should just intiate the failover process and not actually reboot the firewall.

So if you have a primary and secondary, eth primary is 192.168.1.1 and the secondary is 192.168.1.2 you are saying you cannot telnet to 192.168.1.2 ?

Jon

wilson_1234_2 · ‎07-27-2007

Correct,

I don't see anything in the config that would prevent it.