Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX FAILOVER ACTIVE-STANDBY

Hi all.

Reading the docs, when 2 pix are in LAN FAILOVER situation (without stateful link), primary unit is active and secondary unit is standby.

When primary goes down, secondary get the active status and start to

accept traffic.

When primary goes up after a failure, it shuold reclaim the active status, but

in my situation the secondary remain active and the primary is standby.

To force primary to return active i shuold issue "failover actvie".

Why this?

I miss somethings?

Thanks.

G.

  • Other Security Subjects
3 REPLIES
New Member

Re: PIX FAILOVER ACTIVE-STANDBY

Hi G

That goes for all failover devices such as PIX'es, LocalDirectors etc.

Every time a unit goes from standby to active there is a short time with no connection to whatever users are trying to reach. All connections are also dropped, which can result in timeouts for users.

Since the primary and secondary unit are only selected by the end of the failover cable and only can work on 2 identical units, there is no need to switch back. The performance is exactly the same on both units, so why risk losing maybe important sessions? As I see it, there is no need for such a "switchback" mechanism and I am sure that Cisco feels the same way about this.

Best regards

Jan

New Member

Re: PIX FAILOVER ACTIVE-STANDBY

Yes, it sounds logic ....

Thanks.

Cisco Employee

Re: PIX FAILOVER ACTIVE-STANDBY

Just to confirm what the previous poster said, after the primary or failed PIX comes back up, the currently active PIX does NOT automatically fail over. Why should it. If you want to force the primary to become the active again then you can either do a "failover active" on the primary, or a "no failover active" on the secondary.

This is noted here:

http://www.cisco.com/warp/public/110/failover.html#failback

Also, the previous poster mentioned that during failover all sessions are lost. This is NOT true if you're doing stateful failover, which I would recommend.

136
Views
0
Helpful
3
Replies