Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: pix 515 failover

From: Daniel Linder <dan_linder () yahoo com>
Date: Thu, 5 Sep 2002 19:29:11 -0700 (PDT)

--- barry <Barry.Haycock () b-online com au> wrote:

i can setup the failover no problems but my question is
when the pix fails over does the second one assume the ip address
assigned 
to the interface on the primary
or does it use the address assigned under the failover command for
that 
interface.

if the interface assumes the address assigned under the failover
command 
how does one go about routing from a router etc to the firewall??



From another device on the network, the "primary" PIX will never

disappear.  If the "primary" PIX fails, the secondary sets it's IP
Address and MAC address to what the "primary" PIX had.  When the
"primary" PIX comes back up, it sees the other one out there and takes
the "secondary" IP and MAC addresses.

For all other devices that have to talk to the PIX, just point them to
the "primary" PIX IP address and the failovers will be unnoticable.  In
a crude test when were setting ours up, we did a "ping -f" (flood/fast
ping) from a Linux box to a router on the other side of the PIX. 
During the failover, we only lost about 1/3 of a seconds worth of
pings!

Dan

__________________________________________________
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: