1. Home
  2. Cisco Systems
  3. PIX 6.2 failover scenario

PIX 6.2 failover scenario

I have a two PIX 525's operating in failover mode.One has a UR license and the other a FO license. If my primary pix fails and it is a hardware failure(NIC, or power supply, or sysadmin destroys it with hammer :--)) will my failover pix reboot every 24 hours because it cannot determine the connection to the primary node? I found the info below on Cisco's site.

The PIX Firewall failover unit is intended to be used solely for failover and not in standalone mode. If a failover unit is used in standalone mode, the unit will reboot at least once every 24 hours until the unit is returned to failover duty. When the unit reboots, the following message displays at the console. =========================NOTICE ========================== This machine is running in secondary mode without a connection to an active primary PIX. Please check your connection to the primary system.

REBOOTING.... ==========================================================

Is that the message you will receive if you try to configure a PIX as a standalone when it has a FO license?

Thanks,

Lonnie

Reply to
lpaschall
Loading thread data ...

Yes. A failover PIX that cannot reach a primary will reboot every

24 hours, whether or not a primary is configured.
Reply to
Walter Roberson

Is that for sure? I vaguely remember reading that if a FO PIX fails, it takes over, remains active and only reboots ever 24h as soon as the FO PIX gets powercycled. The documentation for 6.2 on the cisco site isn't that conclusive either:

"The PIX Firewall failover unit is intended to be used solely for failover and not in standalone mode. If a failover unit is used in standalone mode, the unit will reboot at least once every 24 hours until the unit is returned to failover duty. When the unit reboots, the following message displays at the console." [1]

Does the rebooting apply *only* when a FO PIX is used without any serial cabling or failing contact to the primary/active? Imagine having to send in a failed primary PIX, waiting weeks for it to return and the now production FO PIX keeps on booting every 24 hours...

Dug up the line for 7.2 where it says: "If the unit with a UR license in a failover pair fails and is removed from the configuration, the unit with the FO or FO_AA license does not automatically reboot every 24 hours; it operates uninterrupted unless the it is manually rebooted."[2]

Am I right to assume that this doesn't apply to PIX OS >> I have a two PIX 525's operating in failover mode.One has a UR

Reply to
the nocturnal shade

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.