cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
520
Views
0
Helpful
2
Replies

Pix active/active failover

fernanrl
Level 1
Level 1

Hi,

First of all, thanks for your time. I have a question implementing active/active failover on a pix with 7.0. I have two pix 535 with 3 ethernets (inside, outside and failover). Until now they were in active/pasive but I would like to put them in active/active. Is there a way of doing this WITHOUT installing any more ethernet cards? Further more, can this be done using just one context? I found this info:

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008045247e.html#wp1096075

Can I implement it some other way?

Kindest regards,

Fernando

CCIE#144XX CCNP CCDP

1 Accepted Solution

Accepted Solutions

jilahbg
Level 1
Level 1

Hello

IMHO the "active/active" is just sales talk. What Cisco means when they saids active/active in pix7/ASA is just load balancing if You are running multiple fw contexts.

For each virtual firewall you setup one physical fw as active, and the other as passive. If you have 4 virutal fw:s (contexts), you set Fw A as active for context 1 and 2, and Fw B as active for context 3 and 4. In that way, when a unit fails, the two contexts that are active on that unit will fail over to the other unit.

If You are not running multiple contexts in your firewalls you cannot use active/active failover.

Sorry, it disappointed me too when I realized...

Regards Jimmy

View solution in original post

2 Replies 2

jilahbg
Level 1
Level 1

Hello

IMHO the "active/active" is just sales talk. What Cisco means when they saids active/active in pix7/ASA is just load balancing if You are running multiple fw contexts.

For each virtual firewall you setup one physical fw as active, and the other as passive. If you have 4 virutal fw:s (contexts), you set Fw A as active for context 1 and 2, and Fw B as active for context 3 and 4. In that way, when a unit fails, the two contexts that are active on that unit will fail over to the other unit.

If You are not running multiple contexts in your firewalls you cannot use active/active failover.

Sorry, it disappointed me too when I realized...

Regards Jimmy

Can we do Active/Active with FWSM blade as well? Of course, assuming i run multi-context...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: