Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
306
Views
0
Helpful
1
Replies

Query for failover in PIX firewall

sunil-koul
Level 1
Level 1

‎03-05-2012 01:23 AM - edited ‎03-07-2019 05:20 AM

I have two pix 515-e which are in failover.now the staus for failover is shown in below.it shows primary is standby and secondary is Active.If i am modifying config it gives warning the change will not be replicated to Active as change is done in standby.How to correct this can anybody help here.

Failover On
Cable status: Normal
Reconnect timeout 0:00:00
Poll frequency 15 seconds
Last Failover at: 02:10:13 UTC Thu Feb 16 2012
        This host: Primary - Standby
                Active time: 0 (sec)
                Interface outside (167.1.162.4): Normal
                Interface inside (10.130.98.4): Normal
                Interface Breakme (10.130.120.2): Normal
                Interface DMZ (10.130.98.186): Normal
                Interface Breakme-L7 (192.168.5.2): Normal
                Interface stateful (192.168.1.2): Normal
        Other host: Secondary - Active
                Active time: 1893255 (sec)
                Interface outside (167.1.162.3): Normal
                Interface inside (10.130.98.5): Normal
                Interface Breakme (10.130.120.1): Normal
                Interface DMZ (10.130.98.185): Normal
                Interface Breakme-L7 (192.168.5.1): Normal
                Interface stateful (192.168.1.1): Normal

Stateful Failover Logical Update Statistics
        Link : stateful
        Stateful Obj    xmit       xerr       rcv        rerr     
        General         208847     0          18116796   0        
        sys cmd         208847     0          208847     0        
        up time         0          0          2          0        
        xlate           0          0          2383444    0        
        tcp conn        0          0          15522986   0        
        udp conn        0          0          0          0        
        ARP tbl         0          0          0          0        
        RIP Tbl         0          0          0          0        

        Logical Update Queue Information
                        Cur     Max     Total
        Recv Q:         0       13      6778743
        Xmit Q:         0       1       208847

Labels:
0 Helpful
1 Reply 1

Richard Burts
Hall of Fame
Hall of Fame

‎03-08-2012 09:04 AM

The output does show that the device to which you connect was originally configured to act as primary and is currently acting as standby. As such any config change that you make on this device would not sync to the other PIX.

There are two alternatives that you could use:

- you could connect to the other PIX and make the config change on it. Then the config change would sync to both PIXes.

- you could fail back so that this PIX once again becomes the active one which would allow you to make the config changes on this one and have it sync to the other PIX.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card