Firewall Wizards mailing list archives
Re: PIX stateful failover and separate external circuits
From: James Burns <james.burns () sunderland ac uk>
Date: Thu, 15 Feb 2007 09:15:15 +0000
Hi Florin, The information you have been given is correct. For a Pix to support stateful failover, a dedicated LAN interface between the two units is required. You can read more here: http://www.cisco.com/warp/public/110/failover.html#statefulfailover Kind regards, James Burns Florin Andrei wrote:
I've a pair of PIX fw's (OS ver 7.2) in a failover configuration. The two external interfaces are connected to the provider on two separate circuits. The provider claims that in such a configuration, stateful failover will not work (the PIXes will do stateless failover), and we need to hook up a switch (or a pair of switches) between the two firewalls and the two circuits to enable stateful failover. Somehow that doesn't sound right to me, but I cannot prove it, nor disprove it. Anybody knows what the real answer is? A link to some document that has the details to support the answer would be great, too. Thanks,
-- James Burns Network & Security Advisor – Student & Learning Support University of Sunderland _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- PIX stateful failover and separate external circuits Florin Andrei (Feb 14)
- Re: PIX stateful failover and separate external circuits Victor Williams (Feb 15)
- Re: PIX stateful failover and separate external circuits James Burns (Feb 15)
- Re: PIX stateful failover and separate external circuits Florin Andrei (Feb 16)
- Re: PIX stateful failover and separate external circuits Paul Murphy (Feb 15)