Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
418
Views
0
Helpful
2
Replies

FWSM failover failed interfaces

gs
Level 1
Level 1

‎11-07-2005 02:40 AM - edited ‎03-09-2019 12:57 PM

A recent logical relocation of certain interfaces on the firewall has invariably resulted in a subsequent failure of the failover interfaces on the standby unit.

The question below would help clarify how to solve this dilemma:

Whether the keepalive traffic between the active fwsm and standby are affected by the ACL on the interface. - Information: An in/out ACL is defined each interface

Labels:
0 Helpful
2 Replies 2

gfullage
Cisco Employee
Cisco Employee

‎11-07-2005 06:36 PM

No, failover keepalives are NOT affected by the interface ACL, in just the same way as telnet/ssh/ospf/syslog/etc type traffic are also not affected. Basically anything to/from the PIX itself is not affected by interface ACL's.

0 Helpful

gs
Level 1
Level 1
In response to gfullage

‎11-08-2005 02:23 AM

Thanks.

I noticed the failed interfaces on the standby fwsm cannot be reached from the active nor anywhere else. The same is true of the active interfaces in waiting state.

A debug of icmp and packet shows that the packets does not reach the active pair from the standby and vice versa.

The other interfaces are ticking away nicely with nothing to report.

Additional information:

FWSM Firewall Version 2.3(1)7

FWSM Device Manager Version 4.1(1)

0 Helpful
Customers Also Viewed These Support Documents