https://community.cisco.com/t5/network-security/weird-issue-with-pix-failover/m-p/758807#M1003719 <HTML><HEAD></HEAD><BODY><P>I will have to preface this with saying "I believe", as I am not 100% on my answer:</P><P></P><P>Then, "it depends".</P><P>If you have the Serial Failover cable attached, then even without a Failover IP address configured, the two PIX boxes will "know" each other, and keep their configurations syncronized. If you shut down the primary pix, the failover box will see the loss, and take over as the primary. They will NOT have any State or Session activity, so current connections will drop, and need to be re-established. Adding the failover interface and cables will allow State infomation to be maintained, so connections will not drop. (Important for Citrix or Mainframe connectivity)</P><P>If there is no Failover cable attached, then this would not be normal.</P><P></P><P>HTH.</P><P></P><P>Russ</P></BODY></HTML> Fri, 08 Jun 2007 17:10:20 GMT rsmith 2007-06-08T17:10:20Z https://community.cisco.com/t5/network-security/weird-issue-with-pix-failover/m-p/758806#M1003714 <P>Hi.</P><P>My customer has 2 PIX 515e boxes. He has not configured any failover ip addresses. In the output of show failover, all the interfaces are in waiting state. BUT the failover is still working. It is weird because the configuration does not have any failvoer ip's configured.</P><P></P><P>Failover On</P><P>Cable status: Normal</P><P>Reconnect timeout 0:00:00</P><P>Poll frequency 15 seconds</P><P>Last Failover at: 23:15:21 IST Sat Jun 2 2007</P><P> This host: Primary - Active </P><P> Active time: 145650 (sec)</P><P> Interface outside (x.x.x.x): Normal (Waiting)</P><P> Interface inside (x.x.x.x)(Waiting)</P><P> Interface intf2 (x.x.x.x) Link Down (Shutdown)</P><P> Interface intf3 (x.x.x.x): Normal (Waiting)</P><P> Interface intf4 (127.0.0.1): Link Down (Shutdown)</P><P> Interface intf5 (127.0.0.1): Link Down (Shutdown)</P><P> Other host: Secondary - Standby </P><P> Active time: 0 (sec)</P><P> Interface outside (0.0.0.0): Normal (Waiting)</P><P> Interface inside (0.0.0.0): Normal (Waiting)</P><P> Interface intf2 (0.0.0.0): Link Down (Shutdown)</P><P> Interface intf3 (0.0.0.0): Normal (Waiting)</P><P> Interface intf4 (0.0.0.0): Link Down (Shutdown)</P><P> Interface intf5 (0.0.0.0): Link Down (Shutdown)</P><P></P><P></P><P>the configuration is:</P><P>failover</P><P>failover timeout 0:00:00</P><P>failover poll 15</P><P>no failover ip address outside</P><P>no failover ip address inside</P><P>no failover ip address intf2</P><P>no failover ip address intf3</P><P>no failover ip address intf4</P><P>no failover ip address intf5</P><P></P><P>we tested by switching off the primary pix and to my surprise the standby pix took the IP addresses of the primary and traffic was flowing normally. Please let me know if this is normal.</P> Mon, 11 Mar 2019 10:25:44 GMT https://community.cisco.com/t5/network-security/weird-issue-with-pix-failover/m-p/758806#M1003714 zubairjalal 2019-03-11T10:25:44Z https://community.cisco.com/t5/network-security/weird-issue-with-pix-failover/m-p/758807#M1003719 <HTML><HEAD></HEAD><BODY><P>I will have to preface this with saying "I believe", as I am not 100% on my answer:</P><P></P><P>Then, "it depends".</P><P>If you have the Serial Failover cable attached, then even without a Failover IP address configured, the two PIX boxes will "know" each other, and keep their configurations syncronized. If you shut down the primary pix, the failover box will see the loss, and take over as the primary. They will NOT have any State or Session activity, so current connections will drop, and need to be re-established. Adding the failover interface and cables will allow State infomation to be maintained, so connections will not drop. (Important for Citrix or Mainframe connectivity)</P><P>If there is no Failover cable attached, then this would not be normal.</P><P></P><P>HTH.</P><P></P><P>Russ</P></BODY></HTML> Fri, 08 Jun 2007 17:10:20 GMT https://community.cisco.com/t5/network-security/weird-issue-with-pix-failover/m-p/758807#M1003719 rsmith 2007-06-08T17:10:20Z