https://community.cisco.com/t5/network-security/pix-failover-mechanism/m-p/331012#M556660 <P>I am deploying a pair of PIX directly connecting to a pair of firewalls managed by a 3rd party. My firewall pair is to provide for the necessary redundancy in case of failure in the master PIX. The connections between PIX and 3rd party's firewalls were point-to-point, i.e. master PIX to master firewall and standby PIX to standby firewall (See Scenario 1). However I was told that connecting in this way will cause failover mechanism to fail. To make the failover works I have to connect as per in Scenario 2. </P><P></P><P>Qn: </P><P>1. Is it true that I need to connect in scenario 2?</P><P>2. Just wondering how the PIX failover mechanism works? Is it by keepalive messages sending across the external-facing interfaces?</P><P></P><P>Thank you!</P><P></P><P> </P><P></P> Fri, 21 Feb 2020 07:40:04 GMT leejoansin 2020-02-21T07:40:04Z https://community.cisco.com/t5/network-security/pix-failover-mechanism/m-p/331012#M556660 <P>I am deploying a pair of PIX directly connecting to a pair of firewalls managed by a 3rd party. My firewall pair is to provide for the necessary redundancy in case of failure in the master PIX. The connections between PIX and 3rd party's firewalls were point-to-point, i.e. master PIX to master firewall and standby PIX to standby firewall (See Scenario 1). However I was told that connecting in this way will cause failover mechanism to fail. To make the failover works I have to connect as per in Scenario 2. </P><P></P><P>Qn: </P><P>1. Is it true that I need to connect in scenario 2?</P><P>2. Just wondering how the PIX failover mechanism works? Is it by keepalive messages sending across the external-facing interfaces?</P><P></P><P>Thank you!</P><P></P><P> </P><P></P> Fri, 21 Feb 2020 07:40:04 GMT https://community.cisco.com/t5/network-security/pix-failover-mechanism/m-p/331012#M556660 leejoansin 2020-02-21T07:40:04Z https://community.cisco.com/t5/network-security/pix-failover-mechanism/m-p/331013#M556662 <HTML><HEAD></HEAD><BODY><P>Hi hope this helps</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_installation_guide_chapter09186a00800eb0c4.html" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_installation_guide_chapter09186a00800eb0c4.html</A></P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml</A></P><P></P><P><span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P></BODY></HTML> Wed, 06 Oct 2004 13:10:31 GMT https://community.cisco.com/t5/network-security/pix-failover-mechanism/m-p/331013#M556662 Endwigast 2004-10-06T13:10:31Z https://community.cisco.com/t5/network-security/pix-failover-mechanism/m-p/331014#M556666 <HTML><HEAD></HEAD><BODY><P>Scenario two is the correct way. The reason being that the PIX firewalls in a failover configuration send failover hello packets on all interfaces and if an interface does not detect two consecutive hello packets in a specific time interval the interface enters testing mode.</P></BODY></HTML> Wed, 06 Oct 2004 17:19:41 GMT https://community.cisco.com/t5/network-security/pix-failover-mechanism/m-p/331014#M556666 a.awan 2004-10-06T17:19:41Z https://community.cisco.com/t5/network-security/pix-failover-mechanism/m-p/331015#M556667 <HTML><HEAD></HEAD><BODY><P>Thank you! It helps a lot! <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P></BODY></HTML> Wed, 06 Oct 2004 23:46:45 GMT https://community.cisco.com/t5/network-security/pix-failover-mechanism/m-p/331015#M556667 leejoansin 2004-10-06T23:46:45Z