Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
288
Views
0
Helpful
3
Replies

Standby (Failed)

mlabuguen
Level 1
Level 1

‎05-19-2003 06:14 AM - edited ‎03-09-2019 03:20 AM

Hello,

I have redundant PIX 515's v 6.2(1) and when the primary often goes down and the secondary kicks in and becomes active. When this occurs the primary has a failed status, that's natural since it must regain link activity on its downed I/F to become a true standby to the secondary active PIX.

The problem with the failed primary PIX is that it never comes back online. It remains at Standby (Failed) status. The only workaround to this that i know of is to recycle the power on the Failed Primary. This will cause the it to change into true Standby status, ready to take over once the active goes down.

Does this sound familiar? What seems to be the problem? Any ideas?

I went as far as including only the standard inside, outside, stateful_failover (crossover straight to other PIX) I/Fs. But the standby (failed) status still happens. This time on the stateful_Failover I/F. I am positive that there is nothing wrong with the crossover cable between the primary and secondary PIXs.

Thanks in advance!

P.S Also want to note that this problem occurs also with the secondary active. When it goes down the Primary, which is in true standby mode, takes over. The Secondary will remain forever in standby (failed) till i perform a power cycle.

Labels:
0 Helpful
3 Replies 3

sampathsr
Level 1
Level 1

‎05-20-2003 06:52 PM

if you are using serial-cable based failover (the so-called heart-beat cable) that is the first I would suspect...

also, if you are using serial-based cable, try switchig over to LAN-based failover and check what happens?

Best regards / Sampath.

0 Helpful

mlabuguen
Level 1
Level 1
In response to sampathsr

‎05-21-2003 04:28 AM

Thanks for the input. That will be my next approach if my first solution does not pan out.

The failover poll was set to 5 seconds. When looking at other sample FW configs from variou sources, i noticed all were set to 15 seconds. I immediately changed the failover poll parameter to 15 and ever since (2 days now) there were no faults.

If this tactic works, i would have no solid reasoning why???

0 Helpful

sampathsr
Level 1
Level 1
In response to mlabuguen

‎05-21-2003 05:49 AM

i thought you have the problem if and ONLY when the primary fails, or am i getting anything wrong here?

may be you can simulate the failover conditions to see of the failover poll setting sets right the problem..

best regards / Sampath.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents