Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
431
Views
0
Helpful
2
Replies

PIX 515e Failover / Failback

T3ch-Services
Level 1
Level 1

‎06-01-2006 03:33 AM - edited ‎02-21-2020 12:56 AM

I have a pair of PIX 515e's in a failover configuration using the failover cable. I have simulated a power failure on the primary device and the secondary device kicks in straight away - exactly as it is supposed to!

My question is, if the primary device fails big then time the seconday device will kick in and the users will continue to work. If the primary device needs to be replaced with another unit, how do you re-introduce a new 'primary' unit back into a failover pair? Do you need to reverse the failover cable so that the primary device is the original seconday and copy the config from the secondary back to the primary? Is there a command to enter on the seconday to copy the config back to the new primary?

Any advice gratefully received.

David.

0 Helpful
2 Replies 2

cpembleton
Level 4
Level 4

‎06-01-2006 07:37 AM

Replication occurs from the active to the stanby. Since the secondary is active introducing a new pix should cause the config to transfer. If it does not use the write standby on the active which manually writes the config to the standby.

If that doesn't work you can always save the config from the active pix and upload that to the new pix

then re-attach.

6.X

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml

7.0

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_guide_chapter09186a008045247e.html

0 Helpful

soc
Level 1
Level 1

‎06-01-2006 07:42 AM

Hi,

To introduce the new primary.

Switch the new firewall off.

Connect the cables to the new pix.

Connect the failover cable.

The switch it one.

The presnt (secondary firewall that is active, with write the config back to the primary).

Note: the secondary will still be active except you feel like failing the firewall back.

To do that .

Log on the the firewall ,

do a write mem . This will sychronise both firewall config if they are not in sych .

Then execute

no failover active ( on the Secondary which is the active one).

Finally the new primary will become active .

Confirm by show failover

Regards

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card