Firewall Wizards mailing list archives
Re: PIX stateful failover and separate external circuits
From: Florin Andrei <florin () andrei myip org>
Date: Fri, 16 Feb 2007 09:31:39 -0800
James Burns wrote:
Hi Florin, The information you have been given is correct. For a Pix to support stateful failover, a dedicated LAN interface between the two units is required. You can read more here: http://www.cisco.com/warp/public/110/failover.html#statefulfailover
Exactly. I just realized I've seen this a while ago - I had a pair of PIXes in a failover configuration, each one connected to a different switch, and the inter-connection between switches broke. The firewalls went nuts trying to kickstart the failover process. So yeah, the interfaces of the primary and the secondary need to be in the same LAN segment. -- Florin Andrei http://florin.myip.org/ _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- PIX stateful failover and separate external circuits Florin Andrei (Feb 14)
- Re: PIX stateful failover and separate external circuits Victor Williams (Feb 15)
- Re: PIX stateful failover and separate external circuits James Burns (Feb 15)
- Re: PIX stateful failover and separate external circuits Florin Andrei (Feb 16)
- Re: PIX stateful failover and separate external circuits Paul Murphy (Feb 15)