Active/Standby failover cables

Mar 18th, 2008

Hi,

I am confused about active/standby hardware failover cables. We put two cables: one is the serial cable and the other is the state cable. What is the role of these cables, and which one is responsible for exchanging information about the other peer?

regards


Hi


Failover lets you connect a second PIX Firewall unit to your network to protect your network should the first unit go off line. If you use Stateful Failover, you can maintain operating state for the TCP connection during the failover from the primary unit to the standby unit.


When failover occurs, each unit changes state. The unit that activates assumes the IP and MAC addresses of the previously active unit and begins accepting traffic. The new standby unit assumes the failover IP and MAC addresses of the unit that was previously the active unit. Because network devices see no change in these addresses, no ARP entries change or time out anywhere on the network.


Once you configure the primary unit and attach the necessary cabling, the primary unit automatically copies the configuration over to the standby unit.


The ACT indicator light on the front of the PIX 515, PIX 525, and PIX 535 is on when the unit is the active failover unit. If failover is not enabled, this light is on. If failover is present, the light is on when the unit is the active unit and off when the unit is the standby unit.


Failover works with all Ethernet interfaces. However, the Stateful Failover interface must be 100 Mbps or Gigabit Ethernet.


Cabling the two PIX Firewall units together requires a high-speed serial cable when using cable-based failover, or a dedicated Ethernet connection to a dedicated switch/hub (or VLAN) when using LAN-based failover. If you are using Stateful Failover, a separate dedicated full-duplex 100 Mbps or Gigabit Ethernet connection is required when running cable-based failover and is recommended when running LAN-based failover.


The failover feature causes the PIX Firewall to ARP for itself every 15 seconds (depending on the time set with the failover poll command). This ARPing can only be stopped by disabling failover.


HTH


Regards MJ

alanajjar Tue, 03/18/2008 - 22:45

Hi,

Thank you for your reply.

As I understand, if I want just hardware failover, I only use the serial cable, and if I want stateful failover, I have to add an Ethernet cable for that, correct?

If I want hardware failover, do I need to configure anything on the ASA or just put the cable?

When we use two cables for failover, one for state and another for failover, what is the role of each cable?

thanks in advance
