Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
224
Views
5
Helpful
1
Replies

Stateful failover not working

dharris
Level 1
Level 1

‎12-08-2004 07:38 PM - edited ‎03-09-2019 09:42 AM

IMO, stateful failover means active TCP connections are retained and, once the firewall fails over there might be a small blip, but eg downloads will resume.

This does not appear to be the case on a PIX. I have configured cable based, and stateful failover using dedicated interfaces and can see the state table being populated. 2950 switches have been also set and verified. The firewalls certainly failover, however, state is not retained and downloads break and have to be restarted from scratch.

So.... has anyone had a PIX configured to do this?

If so, please enlighten me with a how to.

Labels:
0 Helpful
1 Reply 1

sachinraja
Level 9
Level 9

‎12-09-2004 02:55 AM

Hello harris,

Cisco says:

stateful failover passes on the PIX address translation (xlate,static & dynamic) and connection records that are essential for the user operation, to the standby PIX.

TCP state tables are transferred, however by default http (TCP port 80) is not replicated. since all the downloads are http based, the replication is not done by default. in versions 6.0 and later, you can force this by using the command "failover replicate http"

just try this and see if it works out for you..

All the best..

Raj

Customers Also Viewed These Support Documents