11-18-2001 11:17 PM - edited 03-08-2019 09:12 PM
Can I configure my PIX to detect a link failure? (Example: if my outside link fails or my inside link fails, can I configure my PIX to detect this change and act accordingly?)
11-19-2001 12:12 AM
No,
The PIX doesn't do anything like that.
mike kantowski
ccnp
11-19-2001 11:37 AM
Link failure can be detected by routers, not the PIX firewall. And the failure will be advertised with routing protocols. The PIX supports the RIP routing protocol for the default route only.
11-19-2001 09:19 PM
I completely agree with that, but the PIX does link failure detection if it is configured and connected for failover; this is done by doing a ping test on all its interfaces. My next question is, can I configure the PIX in such a way that only when a specific interface (for example, the inside) fails, then only I want the PIX to detect this and do failover.
Can this be done?
Is it possible by not giving a failover IP address for some of the interfaces? But then when failover happens, this interface of the standby cannot be used. So is there any way this selective failover can be achieved?
This is only for knowledge purposes, but all inputs are welcome!
11-20-2001 07:59 AM
Tossing in my limited .02 cents here, strictly for knowledge purposes also. The PIX does do link failure detection by default when failover is installed. The PIX will not do a "selective" failover (use the primary's outside interface & the secondary's inside interface). I might add that this is a good thing that it doesn't. Think of the latency issues this would cause.
The PIX backplane can handle in excess of 500MB of traffic, each interface (PIX-520) can handle 100MB of traffic, so no problem pushing full pipe from inside to outside. If, however, the primary used the secondary's inside interface, the only "secure" way for them to communicate would be via the failover cable. The failover cable is nothing more than a serial connection limited to 115,200Kbps. Completely inadequate for network traffic.
If I missed something, please post it.
11-20-2001 04:28 PM
I completely agree. The PIX failover concept is that the two units are really one. If any part of the primary PIX goes bad, the whole unit is considered bad, and the secondary takes over all operation from the primary. At that point, the failed primary will sit and collect dust. At no time will both units pass network traffic at the same time.
Anytime you have a pair of PIXes in failover config, you must view the pair as one logical unit.
mike kantowski
ccnp
11-20-2001 10:18 PM
Thanks for your response. I just wanted to know whether there was any way of doing this, but I guess it's a NO!
As for the consideration as a logical single unit, yeah, I think all the setups in a network for redundancy, like HSRP, VRRP and PIX failover etc., should be viewed as one unit, which makes it easy for the human mind :-)