Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Compared with Checkpoint cluster and Netscreen,Pix failover is too slow.

Any cisco experts can tell exactly how long will the pix active and standby switchover take.

It seems too long.

1 REPLY
New Member

Re: Compared with Checkpoint cluster and Netscreen,Pix failover

Hi,

The failover feature in the Cisco PIX Firewall monitors failover communication, the power

status of the other unit, and hello packets received at each interface. If two consecutive hello

packets are not received within an amount of time determined by the failover feature,

failover starts testing the interfaces to determine which unit has failed and transfers active

control to the standby unit.

The "failover poll seconds" command allows you to determine how long failover waits

before sending special failover “hello” packets between the primary and standby units over

all network interfaces and the failover cable. The default is 15 seconds. The minimum value

is 3 seconds, and the maximum is 15 seconds.

HTH,

Haitham

154
Views
0
Helpful
1
Replies