Pix 535 Failover interface

Unanswered Question
Jan 27th, 2010

I have a question concerning the stateful failover interface.  I'm reading through the 8.0 guide, and i came across this blurb concerning the interface for failover:

Use the following failover interface speed guidelines for Cisco PIX security appliances and Cisco ASA adaptive security appliances:

Cisco ASA 5520/5540/5550 and PIX 515E/535 The stateful link speed should match the fastest data link

this appears to be a recommendation, rather than hard/fast requirement.

Does anybody know if you HAVE to use one of the gig interfaces for this?  I'd like to use one of the 100mbps interfaces for this failover.

thanks in advance.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Kureli Sankar Wed, 01/27/2010 - 19:33

If you have 4 gig interfaces pushing traffic, all of that state information has to go through the 100 mb link that you are thinking about.  You have read the document where Cisco recommends to use the state interface the same as the fastest interface that you are using for data.

Especially if you do http replication, this 100mb link may not be enough and that purely depends on the traffic that you push through this unit.


Bruce Summers Thu, 01/28/2010 - 06:54


But, in my case, this is a Test and Dev environment...the failover is strictly for our network testing / network configuration purposes...not production.

there will be a large number of servers in the T&D, but basically, I have 1 gig uplinks from the core switches to the PIX's, since I cant bundle interfaces to give me better throughput...1 gig is the fastest interface I have...


This Discussion