https://community.cisco.com/t5/network-security/pix-configuration-replication/m-p/346619#M560867 <P>Hi all,</P><P></P><P>Is it possible to replciate the configuration of a PIX failover bundle across a wan link to another failover bundle? The idea is to set up two exits out of our network. </P><P></P><P>While traffic can be re-routed in case the primary gateway fails, our concern is to ensure the PIX ACLs and Nat configurations are available at the secondary at the time of failure.</P><P></P><P>We need a firewall at both gateways. How do we ensure that the configurations are replicated across both sites over the WAN? Changes will be made only at the primary site. The secondary site will be purely for backup only.</P> Fri, 21 Feb 2020 07:37:35 GMT fullerms 2020-02-21T07:37:35Z https://community.cisco.com/t5/network-security/pix-configuration-replication/m-p/346619#M560867 <P>Hi all,</P><P></P><P>Is it possible to replciate the configuration of a PIX failover bundle across a wan link to another failover bundle? The idea is to set up two exits out of our network. </P><P></P><P>While traffic can be re-routed in case the primary gateway fails, our concern is to ensure the PIX ACLs and Nat configurations are available at the secondary at the time of failure.</P><P></P><P>We need a firewall at both gateways. How do we ensure that the configurations are replicated across both sites over the WAN? Changes will be made only at the primary site. The secondary site will be purely for backup only.</P> Fri, 21 Feb 2020 07:37:35 GMT https://community.cisco.com/t5/network-security/pix-configuration-replication/m-p/346619#M560867 fullerms 2020-02-21T07:37:35Z https://community.cisco.com/t5/network-security/pix-configuration-replication/m-p/346620#M560869 <HTML><HEAD></HEAD><BODY><P>you can try LAB based failover, and increase to failover timers to a high value. </P></BODY></HTML> Thu, 16 Sep 2004 17:13:17 GMT https://community.cisco.com/t5/network-security/pix-configuration-replication/m-p/346620#M560869 nkhawaja 2004-09-16T17:13:17Z https://community.cisco.com/t5/network-security/pix-configuration-replication/m-p/346621#M560871 <HTML><HEAD></HEAD><BODY><P>I assume you mentioned LAN based failover. </P><P></P><P>Replication needs to happen between primary and secondary firewalls in the active site, AND then replicate to the failover bundle in the DR site.</P><P></P><P>Is this feasible, or do we need to place one firewall of the failover bundle in the active site and the other in the DR site?</P></BODY></HTML> Fri, 17 Sep 2004 03:39:29 GMT https://community.cisco.com/t5/network-security/pix-configuration-replication/m-p/346621#M560871 fullerms 2004-09-17T03:39:29Z https://community.cisco.com/t5/network-security/pix-configuration-replication/m-p/346622#M560872 <HTML><HEAD></HEAD><BODY><P>yes i meant LAN based failover. But i thought that primary and secondary firewalls are in two separate sites. In your scenario, both primary and secondary on site1, and then you want the configs to be replicated to DR site, this is not possible via Failover. </P><P>You have to place one firewall of failover bundle in active site and other in the DR site, that is what i meant.</P><P></P><P>Thanks</P><P>Nadeem</P></BODY></HTML> Fri, 17 Sep 2004 17:56:34 GMT https://community.cisco.com/t5/network-security/pix-configuration-replication/m-p/346622#M560872 nkhawaja 2004-09-17T17:56:34Z