Cisco PIX515E active/stdby pair: process to disable i/f without failover

Sep 23rd, 2009

Hi All,

We have a PIX 515E pair in active/stdby (Stdby: FO only license). Failover config:

failover timeout 0:00:00
failover poll 15
failover ip address outside
failover ip address inside
failover ip address dmz
no failover ip address intf3
no failover ip address intf4
failover ip address statefull
failover link statefull


I would like to shut the DMZ ports on both PIXs. Without encountering failover, what is the process?



auraza Wed, 09/23/2009 - 12:13
User Badges:
  • Cisco Employee,

You can use the monitor-interface command, and not monitor the DMZ interface.

mvsheik123 Wed, 09/23/2009 - 12:27

Thanks for the reply, but the monitor-interface command is not supported in the version the PIX has: 6.3(4).



mvsheik123 Sat, 09/26/2009 - 08:24

FYI, the following sequence of commands worked (on Primary):


no failover ip address dmz
write standby
write mem

--> Shut the DMZ interface administratively.

--> After issuing write standby (may not need), administratively shut the switch ports (where the Pri and SEC PIX DMZ i/f connect).

--> Here I lost connectivity to the SEC PIX for a very brief period till the Stateful link status (sh failover) returned to 'Normal' from 'Waiting'.

--> Issued another write standby and write mem. Everything looks fine.



