Firewall Wizards mailing list archives

PIX stateful failover and separate external circuits

From: Florin Andrei <florin () andrei myip org>
Date: Wed, 14 Feb 2007 10:39:00 -0800

I've a pair of PIX fw's (OS ver 7.2) in a failover configuration. The 
two external interfaces are connected to the provider on two separate 
circuits.

The provider claims that in such a configuration, stateful failover will 
not work (the PIXes will do stateless failover), and we need to hook up 
a switch (or a pair of switches) between the two firewalls and the two 
circuits to enable stateful failover.

Somehow that doesn't sound right to me, but I cannot prove it, nor 
disprove it. Anybody knows what the real answer is? A link to some 
document that has the details to support the answer would be great, too.

Thanks,

-- 
Florin Andrei

http://florin.myip.org/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

PIX stateful failover and separate external circuits Florin Andrei (Feb 14)
- Re: PIX stateful failover and separate external circuits Victor Williams (Feb 15)
- Re: PIX stateful failover and separate external circuits James Burns (Feb 15)
  - Re: PIX stateful failover and separate external circuits Florin Andrei (Feb 16)
- Re: PIX stateful failover and separate external circuits Paul Murphy (Feb 15)