cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2077
Views
20
Helpful
11
Replies

Pix Firewall 515e

miguel
Level 1
Level 1

Hello,

I have a client with PIX 515e that is licensed as Failover Only Active/Standby. The main firewall is completely dead. I can get things up and running again by failover active command but after a reboot or after a period of time it goes back to standby. Can this unit remain the main active unit?

Cheers and thanks.

Miguel

1 Accepted Solution

Accepted Solutions

Miguel,

As per cisco documentation:

1.) The PIX Firewall failover-only  unit is intended to be used solely for failover and not in standalone  mode. If a failover unit is used in standalone mode, the unit will  reboot at least once every 24 hours until the unit is returned to  failover duty. When the unit reboots, the following message displays at  the console.

=========================NOTICE ==========================

       This machine is running in secondary mode without

       a connection to an active primary PIX. Please

        check your connection to the primary system.

               REBOOTING....

==========================================================

2.) If  a failover-only PIX Firewall is not attached to a failover connection  or is attached to the primary end of a Failover cable, then it will hang  at boot time. It should be a secondary unit.

Hope this helps,

BK

View solution in original post

11 Replies 11

miguel
Level 1
Level 1

p.s. let me clarify, what I mean by a period of time is not correct. So long as power as power and ethernet activity is good the unit remains active. We have bad storms here for the last few days and when the power goes out and UPS drains, the unit power down. The next AM, I have to set up the unit active again. Will this behavior continue until we replace the primary unit or can this unit be permanently set up as the active unit in a single unit environment?

Miguel,

As per cisco documentation:

1.) The PIX Firewall failover-only  unit is intended to be used solely for failover and not in standalone  mode. If a failover unit is used in standalone mode, the unit will  reboot at least once every 24 hours until the unit is returned to  failover duty. When the unit reboots, the following message displays at  the console.

=========================NOTICE ==========================

       This machine is running in secondary mode without

       a connection to an active primary PIX. Please

        check your connection to the primary system.

               REBOOTING....

==========================================================

2.) If  a failover-only PIX Firewall is not attached to a failover connection  or is attached to the primary end of a Failover cable, then it will hang  at boot time. It should be a secondary unit.

Hope this helps,

BK

Thank you for your answer.

One last one: Why would it go into standby mode after the reboot or after power out? I don't mind it rebooting every 24 hours but it comes back in standby mode and thus all in/out traffic does not work. Is this expected behavior or am I doing something wrong?

Miguel

enter the failover command and then save the config.

I did all my CCSP studies on one of these and it never went into standby.

Hello Golly,

I did the failover active command to get it back out of standby and then I did a write command to save the config but it comes back into stanby after a restart. I have done this several times but no joy.

Tks

Mate

Sorry to be a pain, but I am sure that this is possible - I had this running, that protected a wesite i did for my mate, I had it rebooting at midnight and would come back up cleanly.

Is there any chance you can post your config please - specifically the failover part. I'm wondering if you have it set as standby, whereas from memory I did a "clear config all", then just ran "failover" and volia!

I've flogged the unit on ebay, so can't check. Sorry

Hello Golly,

What you said is correct as long as the secondary device took over the

active role when the primary device (with UR license) was connected and it

went down. If you are trying to configure the FO device by itself, then it

will not work.

Regards,

NT

Hi NT


I'm positive that it did mate - it would reboot every 24 hours though.

From memory I was running 7.2.

It was a 515, not 515E, but I guess that is incedental...?

From memory I need to get this to failover, that is why I said it needed it, basically unless this is activated no config would take effect.

From memory when it booted it would then detect no mate and switch to active.

My brain is getting old, but some stuff I can just about recall :-)

cheers

Hello All,

I'm not sure how the standby unit switched over (gracefully or abruptly) or where the original active unit is. This is a new client that called out of the blue and I guess I will find out more tomorrow.

Thanks again for the courtesy and professionalism. Great forum!

Hello Miguel,

Also, if it is viable, you can just install a new license to convert the

existing firewall to standalone mode. If it is working as standalone, even

Restricted license could work.

Regards,

NT

p.s. thank you all for your answers and support. This is a very nice and professional group. Great forum Cisco.

Review Cisco Networking for a $25 gift card