Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Pix fileover

Status
Not open for further replies.
shihlin

shihlin

MIS
Dec 6, 2004
45
US
I have question about stateful failover on PIX 520. Several months ago the primary Firewall had hardware problem and we take it down for repair. Now the primary firewall is working, and I thinking to put it back to production. My question is failover going to work? What are procedures or precautions I need to take before I reconnect back the cables?


Thanks for reply


SL
 
Sort by date Sort by votes
Well, I would first boot backup up your primary firewall off-line, and make sure that the config is still how you had it before it was out of commission (mainly ip addresses). Then, connect your failover cable(s), and power on the primary firewall. You might have to then reboot the secondary (active) one to make sure that the primary one is re-elected as the active one.

You might want to do this after hours to so that there is no impact to your business.

Hope this helps!
 
Upvote 0 Downvote
Thanks for promptly reply. The configuration is still in primary Firewall. However we made some changes on Secondary active firewall during the period when primary is offline. So, I plug-in the failover serial cable (label Primary), and cat5 failover (for stateful) and powering on the primary firewall. After it boot up, I check the failover on secondary – active with show failover.
It shows:
This host: Secondary – Active
Interface outside (x.x.x.x): Normal (Waiting)
Interface inside (x.x.x.x): Normal (Waiting)
Interface DMZ (x.x.x.x): Normal (Waiting)
Interface failover (x.x.x.): Normal (Waiting)
Other host: Primary – Standby
Interface outside (x.x.x.x): Link Down (Waiting)
Interface inside (x.x.x.x): Link Down (Waiting)
Interface DMZ (x.x.x.x): Link Down (Waiting)
Interface failover (x.x.x.): Normal (Waiting)
In the statistics I can see the xmit and rcv both have number and is incrementing. It shows synchronizing on Secondary – Active when Primary – Standby was up and running. However, several minutes later the secondary – active firewall is not transmit any traffic. And the Internet just went down. So I have to remove the cable from primary – standby and put reload the Secondary – active to get it back to online. My question is normal to cause active fail when Primary – Standby went back in line during synchronizing? Also assume I just want the Secondary – Active to stay as Secondary, I don’t need to failback to Primary – Active, does firewall still need to re-elect?

Thanks,


SL
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
190
xwray
xwray
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
248
brownmab53
brownmab53
quazimotto
  • Locked
  • Question
Correct Upgrade Path for PIX
Replies
7
Views
396
quazimotto
quazimotto
quazimotto
  • Locked
  • Question
Ping thru PIX to subnet inside??!!
Replies
0
Views
179
quazimotto
quazimotto
hall5942
  • Locked
  • Question
Site to Site VPN with Cisco 881 and PIX
Replies
0
Views
163
hall5942
hall5942

Part and Inventory Search

Sponsor

Back
Top