Firewall Wizards mailing list archives
Re: Managing multiple Cisco Pix's
From: Victor Williams <vbwilliams () neb rr com>
Date: Sat, 08 Sep 2007 12:37:39 -0500
Then why not do LAN failover? That's a pretty well documented feature of PIX OS 7 and up.

James Burns wrote:

> Sorry, to clarify: We will have two firewalls at either side of our campus serving the same internal network, but with different /external/ addresses - this is necessary because of the way that our provider has arranged things. Each runs OSPF. Both units are, in effect, active - but no traffic will be passed via the "backup" until the primary goes down, because of the way that the routing is configured.
>
> Cisco allows for active/active failover between Pix units, but ONLY if they are running multiple security contexts, and we do not do this, nor need to.
>
> What we're looking for is an elegant and preferably inexpensive way of keeping the ruleset up-to-date on both boxes without the need to manually edit on both every time a rule is added/amended.
>
> Hope this makes things clearer!
>
> James
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards