Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
275
Views
0
Helpful
2
Replies

pix failover transition time

ponparthi
Level 1
Level 1

‎03-16-2005 11:31 PM - edited ‎02-21-2020 12:01 AM

Hi all

I have configured my pix 525 for failover.

But when i power off my primary (active) unit the ping response initiated to a internet host from one of my vlan gets dropped for a minitue and i start getting the response only after a minute from the internet.

Is this transition period for failover the normal behaviour or it should come fast.

As per cisco website i have read that standby unit should come up in 30 to 45 seconds

The output of the sh failover is pasted below.

Any help appreciated

Regards

Parthiban

sh failover

Failover On

Cable status: Normal

Reconnect timeout 0:00:00

Poll frequency 3 seconds

failover replication http

Last Failover at: xx:xx:xx xxx Thu Mar 10 2005

This host: Primary - Active

Active time: 598662 (sec)

Interface outside (x.x.x.x): Normal

Interface inside (10.1.253.1): Normal

Interface stateful-failover (10.1.252.1): Normal

Interface intf3 (0.0.0.0): Link Down (Shutdown)

Interface REMOTEZONE (10.1.7.254): Normal

Interface DMZ (10.1.14.254): Normal

Interface BACKBONEZONE (10.1.6.30): Normal

Interface INTF4 (0.0.0.0): Link Down (Shutdown)

Other host: Secondary - Standby

Active time: 0 (sec)

Other host: Secondary - Standby

Active time: 0 (sec)

Interface outside (x.x.x.x): Normal

Interface inside (10.1.253.2): Normal

Interface stateful-failover (10.1.252.2): Normal

Interface intf3 (0.0.0.0): Link Down (Shutdown)

Interface REMOTEZONE (10.1.7.253): Normal

Interface DMZ (10.1.14.253): Normal

Interface BACKBONEZONE (10.1.6.29): Normal

Interface INTF4 (10.1.6.28): Link Down (Shutdown)

0 Helpful
2 Replies 2

sachinraja
Level 9
Level 9

‎03-17-2005 03:15 AM

Hi,

have the failover poll interval to the minimum.. i think 3 secs is the min value.. another thing to make sure is to have the switch ports connected to the PIX firewall interfaces, to have port fast enabled...

Portfast should be enabled on all the ports whre the PIX interface directly connects, and trunking, channeling should be disabled.. this way, if the PIX's interface goes down during failover, the switch does not have to wait for 30 secs while the port is transitioned from listening state to a forwarding state....

try this and let us know....

Raj

0 Helpful

ponparthi
Level 1
Level 1
In response to sachinraja

‎03-17-2005 10:22 PM

Hi Raj

Thanks for your response. I have enabled the post fast already for all the ports directly connected to pix. but trunking is also off, I have given switchport mode access in all the ports. what do u mean by channeling on these ports.

Further my client is worried about the transition time of the secondary firewall only when primary (active) goes down.

So when i power down my primary active could you please tell me how fast the secondary will become active.

Regards

Parthiban

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card