Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
624
Views
0
Helpful
5
Replies

PIX Failover question

kope
Level 1
Level 1

‎03-21-2006 01:41 PM - edited ‎02-21-2020 12:47 AM

I got the following message when the primary PIX fail over to the secondary. My question is just how do I fail back to the primary PIX as an active unit?

# sh failover

Failover On

Cable status: Normal

Reconnect timeout 0:00:00

Poll frequency 15 seconds

Last Failover at: 09:53:43 cst Sun Mar 19 2006

This host: Primary - Standby

Active time: 8750355 (sec)

Interface outside (18.18.46.5): Normal

Interface inside (18.18.46.130): Normal

Interface dmz (18.18.45.2): Normal

Interface failover (10.10.10.3): Normal

Other host: Secondary - Active

Active time: 181080 (sec)

Interface outside (18.18.46.4): Normal

Interface inside (18.18.46.129): Normal

Interface dmz (18.18.45.1): Normal

Interface failover (10.10.10.1): Normal

Thanks.

0 Helpful
5 Replies 5

gfullage
Cisco Employee
Cisco Employee

‎03-21-2006 03:30 PM

To fail back to the primary unit you can either do:

failover active

on the primary, or do:

no failover active

on the secondary. Keep in mind that because a failover pair are always the same hardware, there theoretically is no advantage to running on the primary unit, and so if the units do fail over to the secondary for some reason, they will NOT fail back automatically. If for whatever reason you prefer running on the primary unit, then you have to manually fail them back using either of the above two commands.

0 Helpful

sebastan_bach
Level 4
Level 4
In response to gfullage

‎03-21-2006 05:45 PM

hi glen how are u . sebastan remember. good to see u in the forum adn helping us out. hey glen i have a serious doubt regarding the interface testing procedure in the pix failover process. if possible kind help me out . in the topic "stateful failover with cross-over cable between pix firewalls".if possible.pls help me out.waiting for ur reply. see ya and bye

sebastan

0 Helpful

kope
Level 1
Level 1
In response to gfullage

‎03-21-2006 06:11 PM

Thank you so much for your reply.

In fact, since it failover to the secondary unit for some reason, I am fine with just running on the secondary unit as an active unit. However, I got the following message when I try to configure something on the secondary unit. Is there a way to fix this without using the "failover" command you have suggested?

________________________________________

PRSPIX1# conf t

**** WARNING ***

Configuration Replication is NOT performed from Standby unit to Active unit.

Configurations are no longer synchronized.

0 Helpful

thamdani
Cisco Employee
Cisco Employee
In response to kope

‎03-22-2006 01:07 AM

Hi,

Pix will not replicate the config from standby to active unit,so make sure when ever you make any config changes it has to be on the Active unit.

Simply Check which Pix is Active then make the config changes on that.

Tanveer

0 Helpful

mloring
Level 1
Level 1
In response to thamdani

‎03-28-2006 08:35 AM

And check to see why the actice PIX failed in the first place. You don't want to leave behind a lingering problem....

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card