Primary Unit of a Firewall Failover pair does not become the active unit when it is brought online
I am using a pair of PIX Firewall 550, both running pix firewall s/w version 6.1 and are configured in a failover configuration.
Occasionally, the primary unit seemed to be rejecting connections on all interfaces, except from the secondary unit - as such, devices on any one interface are not able to communicate with devices on another interface.
As the secondary unit does not detect that there is a problem, it does not become the active unit unless forced to do so manually.
In addition, when the primary unit is re-booted, the problem described above is resolved, but here the primary unit does not automatically become the active unit, unless forced to do so manually.
Re: Primary Unit of a Firewall Failover pair does not become the
Part 1 - Please supply the serial numbers, this could be a known hardware problem. Part 2 - the primary unit will not come active until it detects a failure in the secondary. It will not become active automatically once powered on or rebooted.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...