Re: PIX Failover & Other Queries

["Paul Melson" <pmelson () gmail com>]

-----Original Message-----
Subject: [fw-wiz] PIX Failover & Other Queries

> Is it possible to have to firewalls in a failover set failover as normal,
but have the failover Pix have 
> a different outside IP address? 

No.

> What about upgrading the licence from FO to UR - would that allow it? 

No. 


> The best possible solution I've managed to come up with so far, is to have
two routers (or L3 switches) 
> - just outside each of the Pix's - configured for HSRP. If the main link
goes down, what I would like to 
> happen is for the other router to take over via HSRP, and for the firewall
pair to failover to the 
> backup. Does that sound feasible?

This is probably your best option.  Whether you use OSPF and HSRP between
the routers or go to BGP to load-share across the two connections, using
routers outside the PIX's is the best way to get redundant paths with
different IP addresses.

PaulM

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards