https://community.cisco.com/t5/network-security/pix-515e-6-2-failover-information-questions/m-p/248824#M588502 <HTML><HEAD></HEAD><BODY><P>Hi Andy,</P><P></P><P>I am sure you would be aware of two different kind of failover technologies : </P><P>Cable based and Lan-based failover. First one requieres a dedicated failover cable to be connected between both the pixes.</P><P>Later does not. If the cable is not replaced for statful, the failever will any way takes place, but the users/applications will have to reinitite the conncection, that is they loose the connection.</P></BODY></HTML> Tue, 28 Oct 2003 23:09:12 GMT umedryk 2003-10-28T23:09:12Z https://community.cisco.com/t5/network-security/pix-515e-6-2-failover-information-questions/m-p/248823#M588501 <P>We are using a Failover Cable for failover. We are also using stateful failover between the PIX 515 firewalls using a FastEthernet interface. I really need some info about the following:</P><P></P><P>1. If the failover cable fails (or was removed), while the 2 firewalls are already powered on, no switching occurs. But, this document </P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml#failovermonitoring" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml#failovermonitoring</A></P><P></P><P>mentioned that,</P><P></P><P>"If a standby PIX does not receive a "hello" from the failover cable for 3 consecutive poll checks, the standby PIX initiates a switchover and declares the other PIX failed. If the active PIX does not hear the "hello" messages, it stays active and sets the other PIX as failed."</P><P></P><P></P><P>Question: If the cable is not immediately replaced, what will happen?</P><P></P><P></P><P>2. If the stateful failover cable fails (or was removed), no switching occurs.</P><P></P><P>Question: If the cable is not immediately replaced, what will happen?</P><P></P><P></P><P>3. Also, if both cables fail and were not immediately replaced, what will happen?</P><P></P><P></P><P>The answers could probably be in the documentation but I'm just hoping to hear quick/direct answers from anybody who have encountered these scenarios.</P><P>Sorry for the number of questions. I haven't worked with PIX firewalls that much.</P><P></P><P>Thanks in advance for any help.</P> Fri, 21 Feb 2020 07:03:29 GMT https://community.cisco.com/t5/network-security/pix-515e-6-2-failover-information-questions/m-p/248823#M588501 andy.cruz 2020-02-21T07:03:29Z https://community.cisco.com/t5/network-security/pix-515e-6-2-failover-information-questions/m-p/248824#M588502 <HTML><HEAD></HEAD><BODY><P>Hi Andy,</P><P></P><P>I am sure you would be aware of two different kind of failover technologies : </P><P>Cable based and Lan-based failover. First one requieres a dedicated failover cable to be connected between both the pixes.</P><P>Later does not. If the cable is not replaced for statful, the failever will any way takes place, but the users/applications will have to reinitite the conncection, that is they loose the connection.</P></BODY></HTML> Tue, 28 Oct 2003 23:09:12 GMT https://community.cisco.com/t5/network-security/pix-515e-6-2-failover-information-questions/m-p/248824#M588502 umedryk 2003-10-28T23:09:12Z https://community.cisco.com/t5/network-security/pix-515e-6-2-failover-information-questions/m-p/248825#M588503 <HTML><HEAD></HEAD><BODY><P>1. if you remove failover cable in v6.2, all failover mechanism is disabled - so adio switchover.</P><P>2. if you remove failover link, stateful failover is disabled. In case of switchover, secondary pix need to rebuilt entire xlate table. You will lose all connection for 15-60 secs depeding on traffic.</P><P>3. same as 1. failover is disabled.</P></BODY></HTML> Wed, 29 Oct 2003 09:32:55 GMT https://community.cisco.com/t5/network-security/pix-515e-6-2-failover-information-questions/m-p/248825#M588503 8dstaicu 2003-10-29T09:32:55Z https://community.cisco.com/t5/network-security/pix-515e-6-2-failover-information-questions/m-p/248826#M588504 <HTML><HEAD></HEAD><BODY><P>The PIX software differentiates between lack of traffic on the failover serial cable and lack of the cable itself. You are disabling scenario 1 by removing the cable.</P></BODY></HTML> Thu, 30 Oct 2003 00:38:18 GMT https://community.cisco.com/t5/network-security/pix-515e-6-2-failover-information-questions/m-p/248826#M588504 dlevinso 2003-10-30T00:38:18Z