Firewall Wizards mailing list archives

Re: Managing multiple Cisco Pix's

From: Victor Williams <vbwilliams () neb rr com>
Date: Sat, 08 Sep 2007 12:37:39 -0500

Then why not do LAN failover?  That's a pretty well documented feature 
of PIX OS 7 and up.

James Burns wrote:

Sorry, to clarify:

We will have two firewalls at either side of our campus serving the 
same internal network, but with different /external/ addresses - this 
is necessary because of the way that our provider has arranged things.

Each runs OSPF. Both units are, in effect, active - but no traffic 
will be passed via the "backup" until the primary goes down, because 
of the way that the routing is configured.

Cisco allows for active/active failover between Pix units, but ONLY if 
they are running multiple security contexts, and we do not do this, 
nor need to. What we're looking for is an elegant and preferably 
inexpensive way of keeping the ruleset up-to-date on both boxes 
without the need to manually edit on both every time a rule is 
added/amended.

Hope this makes things clearer!

James

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Managing multiple Cisco Pix's James Burns (Sep 05)
- Re: Managing multiple Cisco Pix's Paul Melson (Sep 05)
  - Re: Managing multiple Cisco Pix's dlang (Sep 05)
    - Re: Managing multiple Cisco Pix's James (Sep 06)
    - Re: Managing multiple Cisco Pix's Aaron Smith (Sep 06)
  - Re: Managing multiple Cisco Pix's Timothy Shea (Sep 06)
  - Re: Managing multiple Cisco Pix's James Burns (Sep 08)
    - Re: Managing multiple Cisco Pix's Victor Williams (Sep 10)
- <Possible follow-ups>
- Managing multiple Cisco PIX's Stefan avgoustakis (Sep 06)