PIX configuration Replication

fullerms · ‎09-13-2004

Hi all,

Is it possible to replciate the configuration of a PIX failover bundle across a wan link to another failover bundle? The idea is to set up two exits out of our network.

While traffic can be re-routed in case the primary gateway fails, our concern is to ensure the PIX ACLs and Nat configurations are available at the secondary at the time of failure.

We need a firewall at both gateways. How do we ensure that the configurations are replicated across both sites over the WAN? Changes will be made only at the primary site. The secondary site will be purely for backup only.

nkhawaja · ‎09-16-2004

you can try LAB based failover, and increase to failover timers to a high value.

fullerms · ‎09-16-2004

I assume you mentioned LAN based failover.

Replication needs to happen between primary and secondary firewalls in the active site, AND then replicate to the failover bundle in the DR site.

Is this feasible, or do we need to place one firewall of the failover bundle in the active site and the other in the DR site?

nkhawaja · ‎09-17-2004

yes i meant LAN based failover. But i thought that primary and secondary firewalls are in two separate sites. In your scenario, both primary and secondary on site1, and then you want the configs to be replicated to DR site, this is not possible via Failover.

You have to place one firewall of failover bundle in active site and other in the DR site, that is what i meant.

Thanks

Nadeem