Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
472
Views
0
Helpful
3
Replies

PIX FAILOVER ACTIVE-STANDBY

giuliano
Level 1
Level 1

‎03-14-2003 01:49 AM - edited ‎02-20-2020 10:37 PM

Hi all.

Reading the docs, when 2 pix are in LAN FAILOVER situation (without stateful link), primary unit is active and secondary unit is standby.

When primary goes down, secondary get the active status and start to

accept traffic.

When primary goes up after a failure, it shuold reclaim the active status, but

in my situation the secondary remain active and the primary is standby.

To force primary to return active i shuold issue "failover actvie".

Why this?

I miss somethings?

Thanks.

G.

0 Helpful
3 Replies 3

jbeining
Level 1
Level 1

‎03-14-2003 03:04 AM

Hi G

That goes for all failover devices such as PIX'es, LocalDirectors etc.

Every time a unit goes from standby to active there is a short time with no connection to whatever users are trying to reach. All connections are also dropped, which can result in timeouts for users.

Since the primary and secondary unit are only selected by the end of the failover cable and only can work on 2 identical units, there is no need to switch back. The performance is exactly the same on both units, so why risk losing maybe important sessions? As I see it, there is no need for such a "switchback" mechanism and I am sure that Cisco feels the same way about this.

Best regards

Jan

0 Helpful

giuliano
Level 1
Level 1
In response to jbeining

‎03-14-2003 08:03 AM

Yes, it sounds logic ....

Thanks.

0 Helpful

gfullage
Cisco Employee
Cisco Employee
In response to giuliano

‎03-16-2003 07:08 PM

Just to confirm what the previous poster said, after the primary or failed PIX comes back up, the currently active PIX does NOT automatically fail over. Why should it. If you want to force the primary to become the active again then you can either do a "failover active" on the primary, or a "no failover active" on the secondary.

This is noted here:

http://www.cisco.com/warp/public/110/failover.html#failback

Also, the previous poster mentioned that during failover all sessions are lost. This is NOT true if you're doing stateful failover, which I would recommend.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card