with our failover with PIXs 525 and PIXOS 7.0.4. Both are connected with serial cable and dedicated ethernet cable.
When I disconnect one interface on
Primary-Active PIX than other one takes
role. But when I connect interface back I see on primary one (CLI command show failover) that it is secondary and one which was secondary is primary. But active is now the same as before but is signed as secondary. Cable is placed correctly..primary side on primary and secondary side on failover (secondary).
This is normal behaviour for the pix with failover. The secondary will be active if it sees the pix primary goes down. But when the prinary comes back up it will not take over as the primary, it will assume the role of secondary.
The cable does determine which is primary and which is secondary and as you point out if you connect the cable the wrong way round failover will not work.
But the firewall coming back up does not preempt the active firewall. Thinking of primary and secondary can be a bit misleading in this sense. Think of it as active and standby. Either firewall can be active or standby.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...