
Activation keys and failover operation

mlabuguen
Level 1

Hello,

Before you even start connecting two PIXs together for failover operation, I was told that the activation key is what distinguishes a primary PIX from a secondary. Is this true? Aren't firewalls independent from each other, meaning that a firewall can either serve as primary or secondary?

If the above statement is true, then the failover cable needs to strictly be connected where the Primary end connects to the Primary enabled PIX and the secondary connects to the Secondary enabled PIX.

If PIX FWs are strictly tagged as Primary or Secondary based on their Activation Key, how can we tell the difference? Is there any show command that displays the characteristic of the PIX FW?

Thanks for your help!

3 Replies

jmia
Level 7

Hello Marvin,

I believe you are talking about the PIX Failover licence; here's a quick explanation -

The failover licence is necessary if you wish to connect two PIXs together and perform either non-stateful or stateful failover. If you do not currently have a licence for failover, and wish to add it for your PIXs, it is a simple matter of paying Cisco the necessary money, and Cisco will then give you a key that you can use to unlock the failover feature.

A limited licence is typically indicated by the letter ‘R’ in the software licence. A limited licence indicates that you have not purchased all the features for your PIX. However, if your licence is indicated by the letters ‘UR’, this indicates that you have an unrestricted licence and thus have access to ALL of the features of your PIX, such as Encryption, Failover, and Connections.

Hope this helps -

jmia
Level 7

Hello Marvin - Forgot to add the URL. A great Cisco document on Failover:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/failover.htm

Thanks - Jay

Thanks Jay,

Actually we have UR licences for each. We've been running failover for quite some time now, but our original PIXs have a Cisco field notice appended to their serial number (timing bug). I had to replace them so I ordered RMA replacement PIXs. I was given two new activation codes to input into the RMA FWs.

The problem was the activation codes from Cisco were not labeled as primary or secondary. That was when I questioned the properties of activation codes.

(Whether activation codes were specified for ONLY Primary or ONLY secondary PIX functionality)

I've since emailed the Cisco TAC engineer who gave me the codes and she pointed out which activation code was for Primary use and which one was for secondary use.

Thanks,

Marvin