Cisco Support Community
Community Member

[PIX 515E, 6.2] Failover information/questions

We are using a Failover Cable for failover. We are also using stateful failover between the PIX 515 firewalls using a FastEthernet interface. I really need some info about the following:

1. If the failover cable fails (or was removed), while the 2 firewalls are already powered on, no switching occurs. But, this document

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml#failovermonitoring

mentioned that,

"If a standby PIX does not receive a "hello" from the failover cable for 3 consecutive poll checks, the standby PIX initiates a switchover and declares the other PIX failed. If the active PIX does not hear the "hello" messages, it stays active and sets the other PIX as failed."

Question: If the cable is not immediately replaced, what will happen?

2. If the stateful failover cable fails (or was removed), no switching occurs.

Question: If the cable is not immediately replaced, what will happen?

3. Also, if both cables fail and were not immediately replaced, what will happen?

The answers could probably be in the documentation but I'm just hoping to hear quick/direct answers from anybody who has encountered these scenarios.

Sorry for the number of questions. I haven't worked with PIX firewalls that much.

Thanks in advance for any help.

3 REPLIES
Silver

Re: [PIX 515E, 6.2] Failover information/questions

Hi Andy,

I am sure you would be aware of two different kinds of failover technologies:

Cable-based and LAN-based failover. The first one requires a dedicated failover cable to be connected between both the PIXes.

The latter does not. If the cable is not replaced for stateful, the failover will take place anyway, but the users/applications will have to reinitiate the connection; that is, they lose the connection.

Community Member

Re: [PIX 515E, 6.2] Failover information/questions

1. If you remove the failover cable in v6.2, the entire failover mechanism is disabled - so adios switchover.

2. If you remove the failover link, stateful failover is disabled. In case of a switchover, the secondary PIX needs to rebuild the entire xlate table. You will lose all connections for 15-60 secs depending on traffic.

3. Same as 1: failover is disabled.

Community Member

Re: [PIX 515E, 6.2] Failover information/questions

The PIX software differentiates between lack of traffic on the failover serial cable and lack of the cable itself. You are disabling scenario 1 by removing the cable.
