Cisco Support Community
gs
Community Member

FWSM failover failed interfaces

A recent logical relocation of certain interfaces on the firewall has invariably resulted in a subsequent failure of the failover interfaces on the standby unit.

The question below would help clarify how to solve this dilemma:

Whether the keepalive traffic between the active FWSM and the standby is affected by the ACL on the interface. Information: an in/out ACL is defined on each interface.

2 REPLIES
Cisco Employee

Re: FWSM failover failed interfaces

No, failover keepalives are NOT affected by the interface ACL, in just the same way that telnet/ssh/ospf/syslog/etc. type traffic is also not affected. Basically anything to/from the PIX itself is not affected by interface ACLs.

gs
Community Member

Re: FWSM failover failed interfaces

Thanks.

I noticed the failed interfaces on the standby FWSM cannot be reached from the active or anywhere else. The same is true of the active interfaces in waiting state.

A debug of icmp and packet shows that the packets do not reach the active pair from the standby and vice versa.

The other interfaces are ticking away nicely with nothing to report.

Additional information:

FWSM Firewall Version 2.3(1)7

FWSM Device Manager Version 4.1(1)
