Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: pix 515 failover

From: "Daniel Handley" <daniel.handley () quixa com>
Date: Fri, 6 Sep 2002 08:34:02 +0100
i can setup the failover no problems but my question is
when the pix fails over does the second one assume the ip
address assigned
to the interface on the primary


Yes


or does it use the address assigned under the failover
command for that
interface.


No


if the interface assumes the address assigned under the
failover command
how does one go about routing from a router etc to the firewall??


The failover address is used by the backup pix when in secondary mode.
When your main pix fails the backup takes over to become active using the
main ip addresses assigned.
Any sessions currently open over the pix will be dropped during a failover
exchange. There is an additional option of statefull failover that
replicates
current sessions between active and secondary pix to make a seamless change
over.
However no one has ever noticed when i have turned a pix off by mistake and
failover has kicked in (yet).



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: