I tried it with no ip address, and got warnings on the standby firewall about a lack of an ip address. That's actually ok with me, as long as the address fails over properly. I'll have to check and see if failover works the way I anticipate.

and maybe the "hello" packets are using MAC addresses instead of IP...

I'll post the answer when the customer finally lets me install and test it.

I can't read your reference since I'm not a partner. I've done some testing and validated that setting the firewalls up in this way does NOT keep them from working, but I get a warning on the standby firewall about the lack of an IP address. I will have to check failover next week. While failover may not happen if the interface with only one IP fails, I'm still reasonably certain that a hardware/power failure would cause failover and that the single IP address would shift to the standby firewall in that case.

Acid test will be next monday morning, I'll let you know.

You need to have a standby IP address configured on the STDBY interface for failover to functions as documented as following are the steps involved in checking state of interface and each requires unique IP addresses on interfaces

NIC Status Test

This test is a Link Up/Down check of the NIC itself. If an interface card is not plugged into an operational network, it is considered failed.

Network Activity Test

This test is a "received network activity" test. The unit counts all received packets for up to 5 seconds. If any packets are received at any time during this interval, the interface is considered operational and testing stops. If no traffic is received, the unit performs an ARP test.

ARP Test

In the ARP test, the ARP cache of the unit is read for the ten most recently acquired entries. Then, one at a time, the unit sends ARP requests to these machines, in an attempt to stimulate network traffic. After each request, the unit counts all received traffic for up to 5 seconds. If traffic is received, the interface is considered operational. If no traffic is received, an ARP request is sent to the next machine. If at the end of the list no traffic has been received, the unit performs the Ping test.

Ping Test

In order to perform the Ping test, the unit sends out a broadcast ping request. The unit then counts all received packets for up to 5 seconds. If any packets are received at any time during this interval, the interface is considered operational and testing stops. If no traffic is received, the testing starts over again with the ARP test.

Well, in reality, it works just fine. The one pair of interfaces that I could only assign one address two came up, and failover occurs when the link goes down on the active firewall, or if the primary firewall is reset.

I may not have been quite clear with my first question, these firewalls have three nets plus the status link, and only one of the nets has no failover ip. Here's the SHOW FAILOVER command:

show failover

Failover On

Cable status: Normal

Reconnect timeout 0:00:00

Poll frequency 5 seconds

Last Failover at: 06:59:05 EST Mon Feb 27 2006

This host: Primary - Active

Active time: 480 (sec)

Interface sdclan (10.164.4.1): Normal

Interface tcs (10.164.2.30): Normal

Interface dohrcpo (10.75.29.82): Normal (Waiting)

Interface intf3 (0.0.0.0): Link Down (Shutdown)

Interface intf4 (0.0.0.0): Link Down (Shutdown)

Interface fwstate (192.168.99.1): Normal

Other host: Secondary - Standby

Active time: 0 (sec)

Interface sdclan (10.164.4.2): Normal

Interface tcs (10.164.2.29): Normal

Interface dohrcpo (0.0.0.0): Normal (Waiting)

Interface intf3 (0.0.0.0): Link Down (Shutdown)

Interface intf4 (0.0.0.0): Link Down (Shutdown)

Interface fwstate (192.168.99.2): Normal

So the DOHRCPO link only has one address floating between the two firewalls, but it works fine. I do get a warning message that there's no ip address assigned, but I can live with that.