Hi everyone,
My PIX525 (running PIX 7.1(2)) currently has the failover serial cable connected as well as a cross-over cable connected to a 10/100 port (LAN failover is not currently enabled though). I've had a couple of unexpected failovers happen, and when these happen, we lose connection. This has made me want to go ahead and enable LAN failover so as to be able to take advantage of not having those network hiccups during failovers. The issue is that I actually have gig ports on this FW, but the failover is set up on a
10/100 port. I understand that it is recommended to have the LAN failover on the fastest port.The situation with the 2 gig ports I have (both are fiber connected) is that Gigport0 is configured as the "inside" interface with no sub interfaces. Gigport1 is also enabled, and with 7 subinterfaces. I've heard that it is also recommended to dedicate a port to failover rather than having any subinterfaces sharing it (is that true?). Note than the "inside" network consists of about 10 VLANs... and lots of traffic.
My idea is to move the "inside" interface to Gigport1 as a subinterface thereby freeing up Gigport0 to be used exclusively as the failover port. Does this plan seem like a good idea? Is there anything I should watch out for? The fiber cable connecting the gig ports are connected to switches... would it still work given that primary and secondary PIXs won't be directly connected to each other? Also, what if I just enable LAN failover leaving it on the 10/100 port?
Any advice would be greatly appreciated. Thanks!
Kevin