query for failover in pix firewall

sunil-koul · ‎03-05-2012

I have two pix 515-e which are in failover.now the staus for failover is shown in below.it shows primary is standby and secondary is Active.If i am modifying config it gives warning the change will not be replicated to Active as change is done in standby.How to correct this can anybody help here.

Failover On
Cable status: Normal
Reconnect timeout 0:00:00
Poll frequency 15 seconds
Last Failover at: 02:10:13 UTC Thu Feb 16 2012
This host: Primary - Standby
Active time: 0 (sec)
Interface outside (167.1.162.4): Normal
Interface inside (10.130.98.4): Normal
Interface Breakme (10.130.120.2): Normal
Interface DMZ (10.130.98.186): Normal
Interface Breakme-L7 (192.168.5.2): Normal
Interface stateful (192.168.1.2): Normal
Other host: Secondary - Active
Active time: 1893255 (sec)
Interface outside (167.1.162.3): Normal
Interface inside (10.130.98.5): Normal
Interface Breakme (10.130.120.1): Normal
Interface DMZ (10.130.98.185): Normal
Interface Breakme-L7 (192.168.5.1): Normal
Interface stateful (192.168.1.1): Normal

Stateful Failover Logical Update Statistics
Link : stateful
Stateful Obj xmit xerr rcv rerr
General 208847 0 18116796 0
sys cmd 208847 0 208847 0
up time 0 0 2 0
xlate 0 0 2383444 0
tcp conn 0 0 15522986 0
udp conn 0 0 0 0
ARP tbl 0 0 0 0
RIP Tbl 0 0 0 0

Logical Update Queue Information
Cur Max Total
Recv Q: 0 13 6778743
Xmit Q: 0 1 208847

svaish · ‎03-05-2012

This host is

This host: Primary - Standby

which means that this is not the active device in the network.

Since changes are always replicated from Active device to standby device and not from standby device to active device;

Whenever you try to make any changes on the standby device the error message that you got appears.

To correct this situation you must logon to "Secondary - Active" device and make the required changes.

Once the changes have been made save the configuration.

Sachin