Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
446
Views
0
Helpful
3
Replies

[PIX 515E, 6.2] Failover information/questions

andy.cruz
Level 1
Level 1

‎10-21-2003 04:49 PM - edited ‎02-20-2020 11:03 PM

We are using a Failover Cable for failover. We are also using stateful failover between the PIX 515 firewalls using a FastEthernet interface. I really need some info about the following:

1. If the failover cable fails (or was removed), while the 2 firewalls are already powered on, no switching occurs. But, this document

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml#failovermonitoring

mentioned that,

"If a standby PIX does not receive a "hello" from the failover cable for 3 consecutive poll checks, the standby PIX initiates a switchover and declares the other PIX failed. If the active PIX does not hear the "hello" messages, it stays active and sets the other PIX as failed."

Question: If the cable is not immediately replaced, what will happen?

2. If the stateful failover cable fails (or was removed), no switching occurs.

Question: If the cable is not immediately replaced, what will happen?

3. Also, if both cables fail and were not immediately replaced, what will happen?

The answers could probably be in the documentation but I'm just hoping to hear quick/direct answers from anybody who have encountered these scenarios.

Sorry for the number of questions. I haven't worked with PIX firewalls that much.

Thanks in advance for any help.

0 Helpful
3 Replies 3

umedryk
Level 5
Level 5

‎10-28-2003 03:09 PM

Hi Andy,

I am sure you would be aware of two different kind of failover technologies :

Cable based and Lan-based failover. First one requieres a dedicated failover cable to be connected between both the pixes.

Later does not. If the cable is not replaced for statful, the failever will any way takes place, but the users/applications will have to reinitite the conncection, that is they loose the connection.

0 Helpful

8dstaicu
Level 1
Level 1

‎10-29-2003 01:32 AM

1. if you remove failover cable in v6.2, all failover mechanism is disabled - so adio switchover.

2. if you remove failover link, stateful failover is disabled. In case of switchover, secondary pix need to rebuilt entire xlate table. You will lose all connection for 15-60 secs depeding on traffic.

3. same as 1. failover is disabled.

0 Helpful

dlevinso
Level 1
Level 1

‎10-29-2003 04:38 PM

The PIX software differentiates between lack of traffic on the failover serial cable and lack of the cable itself. You are disabling scenario 1 by removing the cable.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card