Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
344
Views
0
Helpful
1
Replies

Primary PIX and Secondary PIX, is there any uniqueness between them?

mlabuguen
Level 1
Level 1

‎08-07-2003 05:58 AM - edited ‎02-20-2020 10:55 PM

Hi,

I was just curious in finding out whether a primary PIX firewall has a certain hardware/firmware that distinguishes itself from a secondary pix. I understand that a secondary standby PIX FW has the exact configuartion parameters as the primary and also changes its role as soon as the primary active pix fails but what if i were to power both PIXs off, disconnect the failover cable, and just power on the secondary? Will the secondary boot up seamlessly as primary and start passing traffic?

This question popped in my head as i was taking the primary totally offline. It needed to be replaced so i shut both PIXs off, disconnected the failover cable connecting both pixs, and finally turned only the secondary on. The secondary PIX booted up but i soon found out that it was not allowing anything in or out?

Is there something in the activation key that places a PIX FW as Primary or Secondary status or are both PIXs interchangeable based on where you plug the primary side of the failover cable?

What do you think?

Thank You!

Marvin

0 Helpful
1 Reply 1

l.mourits
Level 5
Level 5

‎08-07-2003 02:30 PM

Marvin,

You have to configure failover, see this link on CCO:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml

This document shows how failover works and how to configure failover

If you have configured it, then the secondary automaticly takes over after a period of time (configurable with "failover poll seconds")

If the secondary has become active, and you shut down the power of that one, before the primary was back online, then this one will see no failover unit, starts up with a warning message on console and keeps constantly rebooting after a certain period of time (I believe it were 15 minutes)

So, how to handle in case of hardware replacement of the primary?

- keep repairing time as short as possible

- even if you have a primary and secundary PIX, always install a UPS for continuous powersupply (and ofcourse two separate UPS´s in case of a failoverbundle)

- if primary fails and disconnected never turn of PIX power of the secundary PIX

This is what I use, works fine for me

Kind Regards,

Leo

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card