PIX Failover Limitations

Jan 23rd, 2009


I was wondering if someone could help me determine the limitations of using a failover-only PIX in standalone mode. I was reading this page: http://www.cisco.com/en/US/docs/security/pix/pix61/configuration/guide/f... and in the Failover Usage Notes it says that the PIX will reboot every 24 hours. But I have been running my failover-only PIX in standalone mode and sho ver shows an uptime of 133 days. Also, it says failover cluster up 288 days. How can that be when the primary unit was disconnected?

I am also wondering if I make configuration changes on the failover and it reboots, will the changes stick? If so, then when I plug the primary back in will those changes get over-written? Is the only way to save those changes to copy the config to TFTP, then copy it to primary before plugging in the primary?

Any other limitations with using failover in standalone?

Thanks a lot!



ivillegas Fri, 01/30/2009 - 06:30

PIX with the failover license are intended to be used solely for failover and not in standalone mode. If a failover unit is used in standalone mode, the unit reboots at least once every 24 hours until the unit is returned to failover duty.


Failover requires you to purchase a second PIX Firewall unit sold as a failover unit that only works as a failover unit.

edmand.hon Tue, 09/28/2010 - 10:50

Hi.. I would like to check with you whether, if the failover pair rebooted, we will lose the crypto key? I'm having an issue sourcing a UR PIX to replace my faulty PIX, and the FO unit is running alone now. Each time the PIX rebooted, I lost the crypto key and was unable to access the PIX via SSH. Hence, every day I need to generate the RSA key again. Is it part of the FO license limitation?

