Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
689
Views
0
Helpful
4
Replies

PIX Failover: failover cable disconnected and active unit powered-off

Go to solution
druch
Level 1
Level 1

‎10-20-2004 06:29 AM - edited ‎02-20-2020 11:41 PM

Hi all,

We have 2 PIX 515E 6.3(3) in failover configuration(not stateful failover). The failover basically works fine. Recently we made some failover tests and had the following situation:

When the failover cable is disconnected and we power-off the active PIX, the standby box remains inactive and didn't change to the active state.

Is this the "normal" behaviour or is there something wrong?

Thank's for your reply.

Daniel Ruch

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
scoclayton
Level 7
Level 7
In response to druch

‎10-21-2004 04:59 AM

Daniel,

As mentioned earlier, the behavior you are reporting is expected. If the failover cable is removed from a failover pair of PIX's while running, each PIX will maintain it's current state as the active or stand-by PIX. Removing the failover cable in effect, disables failover on both units to prevent having both devices moving to an active state.

Does this make sense? I am still confused as to *why* you are testing this though. Is this something that you think will happen in your environment?

Scott

View solution in original post

0 Helpful
4 Replies 4

Go to solution
scoclayton
Level 7
Level 7

‎10-20-2004 09:58 AM

Not sure I follow. You are using both serial failover as well as Lan based failover? If so, why? Serial based failover is recommended unless you need to have the PIX's seperated by more than 6 feet (length of the serial failover cable).

But to answer your question assuming the failover is setup correctly, yes, what you are reporting is expected. If the failover cable is disconnected while both PIX's are running, then each PIX will maintain it's current state as either the active or the stand-by PIX. What exactly are you trying to test?

Scott

0 Helpful

Go to solution
druch
Level 1
Level 1
In response to scoclayton

‎10-21-2004 04:23 AM

Hi Scott,

We are using only serial failover. We made the following test, started with both firewalls up and in active/standby status:

1. removing the failover cable -> nothing changed, firewalls remaining in the same status(active/standby)

2. power-off the active firewall -> standby firewall remains in standby status, no connections are running anymore

I don't know if this is the expected behaviour when the failover cable is removed? I expected, that the standby firewall should change to active, because the 'hello' packets are lost. Maybe I'm wrong.

Thank's for your help.

Daniel

0 Helpful

Go to solution
scoclayton
Level 7
Level 7
In response to druch

‎10-21-2004 04:59 AM

Daniel,

As mentioned earlier, the behavior you are reporting is expected. If the failover cable is removed from a failover pair of PIX's while running, each PIX will maintain it's current state as the active or stand-by PIX. Removing the failover cable in effect, disables failover on both units to prevent having both devices moving to an active state.

Does this make sense? I am still confused as to *why* you are testing this though. Is this something that you think will happen in your environment?

Scott

0 Helpful

Go to solution
druch
Level 1
Level 1
In response to scoclayton

‎10-21-2004 06:21 AM

Hi Scott,

Thank's again for your reply. We made some degradation tests in our network and noticed this behaviour of the pix. But now my question is answered. Thank's a lot.

Daniel

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card