I have redundant PIX 515's v 6.2(1) and when the primary often goes down and the secondary kicks in and becomes active. When this occurs the primary has a failed status, that's natural since it must regain link activity on its downed I/F to become a true standby to the secondary active PIX.
The problem with the failed primary PIX is that it never comes back online. It remains at Standby (Failed) status. The only workaround to this that i know of is to recycle the power on the Failed Primary. This will cause the it to change into true Standby status, ready to take over once the active goes down.
Does this sound familiar? What seems to be the problem? Any ideas?
I went as far as including only the standard inside, outside, stateful_failover (crossover straight to other PIX) I/Fs. But the standby (failed) status still happens. This time on the stateful_Failover I/F. I am positive that there is nothing wrong with the crossover cable between the primary and secondary PIXs.
Thanks in advance!
P.S Also want to note that this problem occurs also with the secondary active. When it goes down the Primary, which is in true standby mode, takes over. The Secondary will remain forever in standby (failed) till i perform a power cycle.
Thanks for the input. That will be my next approach if my first solution does not pan out.
The failover poll was set to 5 seconds. When looking at other sample FW configs from variou sources, i noticed all were set to 15 seconds. I immediately changed the failover poll parameter to 15 and ever since (2 days now) there were no faults.
If this tactic works, i would have no solid reasoning why???
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...