Firewall Wizards mailing list archives

Re: PIX stateful failover and separate external circuits

From: Florin Andrei <florin () andrei myip org>
Date: Fri, 16 Feb 2007 09:31:39 -0800

James Burns wrote:

Hi Florin,

The information you have been given is correct. For a Pix to support 
stateful failover, a dedicated LAN interface between the two units is 
required. You can read more here:

http://www.cisco.com/warp/public/110/failover.html#statefulfailover


Exactly. I just realized I've seen this a while ago - I had a pair of 
PIXes in a failover configuration, each one connected to a different 
switch, and the inter-connection between switches broke. The firewalls 
went nuts trying to kickstart the failover process.

So yeah, the interfaces of the primary and the secondary need to be in 
the same LAN segment.

-- 
Florin Andrei

http://florin.myip.org/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

PIX stateful failover and separate external circuits Florin Andrei (Feb 14)
- Re: PIX stateful failover and separate external circuits Victor Williams (Feb 15)
- Re: PIX stateful failover and separate external circuits James Burns (Feb 15)
  - Re: PIX stateful failover and separate external circuits Florin Andrei (Feb 16)
- Re: PIX stateful failover and separate external circuits Paul Murphy (Feb 15)