FWSM failover failed interfaces

Unanswered Question

A recent logical relocation of certain interfaces on the firewall has invariably resulted in a subsequent failure of the failover interfaces on the standby unit.


The question below would help clarify how to solve this dilemma:


Whether the keepalive traffic between the active FWSM and standby is affected by the ACL on the interface. - Information: An in/out ACL is defined on each interface



gfullage Mon, 11/07/2005 - 18:36
User Badges:
  • Cisco Employee,

No, failover keepalives are NOT affected by the interface ACL, in just the same way as telnet/ssh/ospf/syslog/etc type traffic is also not affected. Basically anything to/from the PIX itself is not affected by interface ACLs.



Thanks.

I noticed the failed interfaces on the standby FWSM cannot be reached from the active nor anywhere else. The same is true of the active interfaces in waiting state.


A debug of icmp and packet shows that the packets do not reach the active pair from the standby and vice versa.


The other interfaces are ticking away nicely with nothing to report.


Additional information:


FWSM Firewall Version 2.3(1)7

FWSM Device Manager Version 4.1(1)

