cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
716
Views
3
Helpful
5
Replies

PIX firewall active/standby pair

suthomas1
Level 6
Level 6

If there is a need to remove the standby PIX from active-standby position,what are the specific steps to be followed?

It seems removing the standby's physical connections will suffice , but it is not certain if this could problems to normal traffic pattern,which is to be avoided.

Thanks.

5 Replies 5

yes,it seems fine.But is there any particular steps to followed viz. shut off the failover and other interface on standby first, followed by physical removal.

'no failover' on Active, then switch off Standby et voila!

Thanks.Few more queries:

1.failover status in ASA shows as standby ready for secondary host. Is it correct, shouldnt it be just Standby status?

2.static (inside,dmz) 192.168.21.2 192.168.21.2 netmask 255.255.255.255

What is the meaning of this line.Understand that this is used for static translation when external access is required to services hosted inside the network.But then why are the 2 ip's same?

Thanks.

1. I assume you've issued the 'no failover' command? If so, then the standby unit would display a wait state as it can no longer contact the primary.

2. This sort of static 1:1 translation is done to advertise an IP address or IP addresses externally from an inside network. It's the nature of Cisco firewalls. All IP addresses are hidden until you static or NAT them.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: