I have a pair of PIXes configured for failover and stateful sync, but I have discovered that the sync is not working. After some investigation, it looks like one of the FWs has had its interface assigned to the wrong VLAN.
So the fix is to assign the interface to the correct VLAN. I wanted to know if there is any potential service impact when this happens, i.e. when the sync gets connected and starts working?
I suggest you post the output of 'show failover' to be sure. However, by the sound of it, you should not have any major issues. At the moment the current Active firewall must be forwarding packets and also monitoring the status of the standby firewall's interfaces. Once the status is normal, the failover relation will be completed and the configuration will be 'pushed' from Active to Standby. It is unlikely that traffic flow will be affected.
It is the stateful link that is the link which has been assigned to different VLANs at either end, and is the one I was intending to change to the correct VLAN, and I was wondering if this would cause me issues.
As for the ping, no, I cannot ping either stateful interface from either FW.
Just make sure you take a backup of the configuration. Sometimes both units think they are active and it can erase the configuration on the desired primary unit. An easy way to make sure this does not happen is to 'ping' the other unit's failover interface before enabling 'failover' on both sides. Also make sure you have the correct boxes assigned as primary/secondary.