10-06-2004 01:12 AM - edited 02-20-2020 11:40 PM
I am deploying a pair of PIX directly connecting to a pair of firewalls managed by a 3rd party. My firewall pair is to provide the necessary redundancy in case of failure in the master PIX. The connections between the PIX and the 3rd party's firewalls were point-to-point, i.e. master PIX to master firewall and standby PIX to standby firewall (see Scenario 1). However, I was told that connecting in this way will cause the failover mechanism to fail. To make the failover work I have to connect as per Scenario 2.
Qn:
1. Is it true that I need to connect as in Scenario 2?
2. Just wondering how the PIX failover mechanism works? Is it by keepalive messages sent across the external-facing interfaces?
Thank you!
10-06-2004 06:10 AM
10-06-2004 10:19 AM
Scenario two is the correct way. The reason being that the PIX firewalls in a failover configuration send failover hello packets on all interfaces, and if an interface does not detect two consecutive hello packets in a specific time interval, the interface enters testing mode.
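The hello behaviour described in the answer above, as an added sketch that is not part of the original thread and is not Cisco code: it models which layer-2 segment each interface sits on and marks an interface as testing after two consecutive missed hellos. The segment names, the shared inside LAN, the assumption that nothing relays hellos between separate links, and the layout used for Scenario 2 (both outside interfaces on one segment) are assumptions, since the diagrams are not on the page.

```python
# Added illustration (constructed model, hypothetical names; not PIX code).
# A "segment" is a layer-2 broadcast domain identified by a string.
MISSED_HELLO_LIMIT = 2  # from the answer: two consecutive missed hellos

def simulate(primary, standby, intervals=3):
    """primary/standby map interface name -> segment name.
    Returns {unit: {interface: "normal" | "testing"}} after `intervals` polls."""
    units = {"primary": primary, "standby": standby}
    missed = {u: dict.fromkeys(ifs, 0) for u, ifs in units.items()}
    state = {u: dict.fromkeys(ifs, "normal") for u, ifs in units.items()}
    for _ in range(intervals):
        for unit, ifs in units.items():
            peer = units["standby" if unit == "primary" else "primary"]
            for ifname, segment in ifs.items():
                # Assumption: a hello is heard only when the peer's matching
                # interface is in the same broadcast domain (nothing relays it).
                heard = peer.get(ifname) == segment
                missed[unit][ifname] = 0 if heard else missed[unit][ifname] + 1
                if missed[unit][ifname] >= MISSED_HELLO_LIMIT:
                    state[unit][ifname] = "testing"
    return state

def interfaces_in_testing(state):
    """Sorted (unit, interface) pairs that have entered testing mode."""
    return sorted((u, i) for u, ifs in state.items()
                  for i, s in ifs.items() if s == "testing")

# Scenario 1 (from the question): each PIX outside interface is cabled
# point-to-point to its own third-party firewall, giving two separate links.
SCENARIO_1 = (
    {"inside": "lan", "outside": "link-to-master-fw"},
    {"inside": "lan", "outside": "link-to-standby-fw"},
)
# Scenario 2 (assumed layout): both outside interfaces share one segment.
SCENARIO_2 = (
    {"inside": "lan", "outside": "shared-outside"},
    {"inside": "lan", "outside": "shared-outside"},
)

if __name__ == "__main__":
    for name, (pri, sby) in (("Scenario 1", SCENARIO_1),
                             ("Scenario 2", SCENARIO_2)):
        print(name, "interfaces in testing:",
              interfaces_in_testing(simulate(pri, sby)))
```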
10-06-2004 04:46 PM
Thank you! It helps a lot! :-)