FWSM failover question

amady3381 · ‎09-30-2009

Dear all

I have two FWSM in active/standby mode. what I want to ask is when the failover LAN link (means connectivity between the two mates) lost. what will happen for the standby unit if it fails to find the active mate.

Thanks, for help and support,

Jon Marshall · ‎10-01-2009

If the 2 firewalls cannot see each other then each firewall presumes the other is offline and both firewalls will become active.

Clearly this is not a desirable situation. So it is a good idea to use an etherchannel between the 2 6500 chassis and spread the etherchannel connections over different modules within the chassis. That way if a single ethernet module fails you will still have connectivity between the FWSMs.

Jon

amady3381 · ‎10-01-2009

Dear Jon

Are you sure that both of them will become active? did you test it before?

If both of them become active what will happen in the network?

We have already different links between the two cores.

The senario is that we have two locations (Main and Disaster Recovery site). one core in the main and the other core in the DR.

we have also servers Vlan connected behind the FWSM and physically they are redundunt, means we have mirror servers in the two location. The Main is the active location and the DR is standby.

What we need to do is testing the DR. By shutting down the links between the two cores and check how the traffic to the servers will arrive? through the Main or the DR.

Also, please check this table in the below link (Failover Event 4)

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml

your help and support are appreciated.

Thanks,