09-23-2009 10:54 AM
Hi All,
We have a PIX 515E pair in active/stdby (Stdby: FO only license). failover config...
*********************
failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 12.25.10.6
failover ip address inside 192.168.33.3
failover ip address dmz 192.168.23.3
no failover ip address intf3
no failover ip address intf4
failover ip address statefull 100.10.10.2
failover link statefull
**************************
I would like to shut the DMZ ports on both PIXs. What is the process for doing this without encountering failover?
TIA
MS
09-23-2009 12:13 PM
You can use the monitor-interface command, and not monitor the DMZ interface.
09-23-2009 12:27 PM
Thanks for the reply, but the monitor-interface command is not supported in the version the PIX has, 6.3(4).
TIA
MS
09-26-2009 08:24 AM
FYI, the following sequence of commands worked (on Primary):
*************************
no failover ip address dmz 192.168.23.3
write standby
write mem
--> Shut the dmz interface administratively.
--> After issuing write standby (may not be needed), administratively shut the switch ports (where the Pri and SEC PIX DMZ i/f connect).
--> Here I lost connectivity to the SEC PIX for a very brief period, till the Stateful link status (sh failover) returned to 'Normal' from 'Waiting'.
--> Issued another write standby and write mem. Everything looks fine.
Thanks
MS