Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 525 statefull failover reboot process

We have two PIX 525 firewalls running 6.3 in a stateful failover scenario.

If I am foing to reboot the active firewall, would the correct process be to go to the active firewall and issue:

no failover active and reboot the device?

I think the inside Iterface is also in the stateful failover and I loose connection to the firewall whne I do that.

I am unable to connect to the secondary firewall interfaces when it is not active.

Can you just reboot the active firewall with no problems?

4 REPLIES
Hall of Fame Super Blue

Re: PIX 525 statefull failover reboot process

Hi Wilson

You should be able to connect to the secondary firewall even when it is not active.

If you are sure your failover is working you can just reboot the active firewall although typing

"no failover active" on the primary

"failover active" on the secondary

will also do it.

What does the output of a "sh failover" tell you.

Jon

New Member

Re: PIX 525 statefull failover reboot process

Everything is normal.

Failover is showing all normal on active and standby firewalls, but I cannot get to the standby firewall.

I have failed over the active firewall by:

'No failover active"

and it fails over properly with no problems, and fails back. The standby becomes active, and goes back, but I cannot get to that stand by firewall either.

Does "no failover active" reboot the active firewall and cause the standby to be active, or just initiate the failover process?

Hall of Fame Super Blue

Re: PIX 525 statefull failover reboot process

Wilson

It should just intiate the failover process and not actually reboot the firewall.

So if you have a primary and secondary, eth primary is 192.168.1.1 and the secondary is 192.168.1.2 you are saying you cannot telnet to 192.168.1.2 ?

Jon

New Member

Re: PIX 525 statefull failover reboot process

Correct,

I don't see anything in the config that would prevent it.

289
Views
10
Helpful
4
Replies
CreatePlease to create content