We are experiencing an interesting little problem with failover. Whilst performing some testing we discovered that when the Secondary Unit is Active, and the Primary unit is powered up, the primary unit will disrupt traffic flowing over the Secondary Unit. We do not see this issue if the secondary unit is power cycled.
Doing some further investigation, when the primary is powered up, it detects that its mate is Active and will then start the configuration replication. It is at this point that on the LAN you can see that the MAC and IP address are now pointing at the Primary unit and all traffic is lost. It isn't until the configuration replication has finished that the MAC and IP address point back to the Secondary.
I have had a look through the books and the site and I'm unable to see any reference to this scenario.
failover polltime unit msec 500 holdtime 3
failover polltime interface 3
failover link state Ethernet5
failover interface ip state 192.168.8.5 255.255.255.252 standby 192.168.8.6
Check what interfaces you are monitoring for failover and make sure on the primary that all interfaces are OK up/up. I have also seen the monitoring of an interface that is up/up but with no IP address configured.
The three interfaces that are being monitored are all in an up/up state with IP addresses.
They are also connected into a switch that has portfast enabled.
The way that we have gotten round it currently is to remove the interface cables from the back of the primary PIX, power it on, wait for it to go into a failed state, then plug the cables back in. We then do not lose any network connectivity.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...