cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
794
Views
5
Helpful
2
Replies

PIX Failover Limitations

bbrowncisco
Level 1
Level 1

Hi,

I was wondering if someone could help me determine the limitations of using a failover-only PIX in standalone mode. I was reading this page: http://www.cisco.com/en/US/docs/security/pix/pix61/configuration/guide/failover.html and in the Failover Usage Notes it says that the PIX will reboot every 24 hours. But I have been running my failover-only PIX in standalone mode and sho ver shows an uptime of 133 days. Also, it says failover sluster up 288 days. How can that be when the primary unit was disconnected?

I am also wondering if I make configuration changes on the failover and it reboots, will the changes stick? If so, then when I plug the primary back in will those changes get over-written? Is the only way to save those changes to copy the config to TFTP, then copy it to primary before plugging in the primary?

Any other limitations with using failover in standalone?

Thanks a lot!

Regards,

Bill

2 Replies 2

ivillegas
Level 6
Level 6

PIX with the failover license are intended to be used solely for failover and not in standalone mode. If a failover unit is used in standalone mode, the unit reboots at least once every 24 hours until the unit is returned to failover duty.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/config/advanced.htm#xtocid6

Failover requires you to purchase a second PIX Firewall unit sold as a failover unit that only works as a failover unit.

Hi.. i would like to check with you whether if the failover pair rebooted, will we lost the crypto key? i'm having issue to source for a UR pix to reply my faulty pix and FO unit is running alone now. each time when the pix rebooted, i lost crypto key and unable to access the pix via ssh. hence, everyday i need to generate RSA key again. is it part of FO license limitation?

Review Cisco Networking for a $25 gift card