Whether you have stateful configured or simply failover cable, failover can
only triggered by:
a. NIC status
b. Failover Network communications
c. Failover cable communication
d. Cable errors
A failure in one switch does not necessary cause the PIX to failover as long
as the standby receives hello packets within 30 seconds.
It doesn't seem like you have L3 switch in the picture, but you should still
turn on PortFast for your servers. This enable fast convergent time when
one switch/nic fails.
Larry
----Original Message Follows----
From: Michael Batchelder <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
CC: Jeroen Geusebroek <[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
Subject: Re: Pix Failover Question
Date: Mon, 09 Apr 2001 01:20:08 -0700
MIME-Version: 1.0
Received: from [209.182.195.137] by hotmail.com (3.2) with ESMTP id
MHotMailBC9AB9FE00BCD820F3EAD1B6C3890FD50; Mon Apr 09 01:12:47 2001
Received: (qmail 15568 invoked by uid 15); 9 Apr 2001 08:10:35 -0000
Received: from yosemite.rwc.gnac.net (yosemite.rwc.gnac.net
[198.151.248.221])by spike.rwc.gnac.net (8.8.8/8.8.8) with ESMTP id
BAA15555for <[EMAIL PROTECTED]>; Mon, 9 Apr 2001 01:10:30 -0700 (PDT)
Received: by yosemite.rwc.gnac.net; id BAA25800; Mon, 9 Apr 2001 01:14:43
-0700 (PDT)
Received: from unknown(192.168.1.21) by yosemite.rwc.gnac.net via smap
(V5.0)id xma025791; Mon, 9 Apr 01 01:14:14 -0700
Received: from tweety.main.gnac.com (localhost.main.gnac.com [127.0.0.1])
by pepe.corp.crtnty.com (8.11.0/8.8.7/GNAC-GW-2.1) with ESMTP id
f398ABr18219; Mon, 9 Apr 2001 01:10:11 -0700 (PDT)
Received: from certaintysolutions.com (dhcp-152.main.gnac.com
[192.168.1.152]) by tweety.main.gnac.com (8.9.3/8.7.3/GNAC-COM-1.1) with
ESMTP id BAA15456; Mon, 9 Apr 2001 01:10:03 -0700 (PDT)
>From [EMAIL PROTECTED] Mon Apr 09 01:14:19 2001
Delivered-To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
X-Mailer: Mozilla 4.76 [en] (WinNT; U)
X-Accept-Language: en
References: <3AD17512.5889.22638B6A@localhost>
Sender: [EMAIL PROTECTED]
Precedence: bulk
X-Loop: [EMAIL PROTECTED]
Take a look at
http://www.cisco.com/warp/public/110/failover.html
Also, LocalDirector uses the same failover code, and there's another doc
written for it on CCO. Search on LD and failover and you'll find it
eventually.
The pix does send 'hello' packets across interfaces on the same network,
so it will respond to network outages, as well as stuff it monitors
internally.
Michael
Daniel Crichton wrote:
>
> On 8 Apr 2001, at 17:13, Jeroen Geusebroek wrote:
>
> > My question is, if the first Pix is connected to the first switch and
the
> > second pix to the second switch; If the first switch fails, will the
second Pix
> > become active? From what i understand of the documentation it will, but
am not
> > to sure.
> >
> > Can someone shed some light on this?
>
> AFAIK the second Pix will only become active if the first Pix fails, but
a
> switch failure will not cause this as the failure is detected by the
cable that
> connects the Pix boxes together, not by the network cable. I know that
5.3
> (?) uses a NIC on each box for stateful failover but I believe that the
actual
> failover handling is still done based on the dedicated failover cable
> connection.
>
> Dan
>
> ---
> D.C. Crichton email: [EMAIL PROTECTED]
> Senior Systems Analyst tel: +44 (0)121 706 6000
> Computer Manuals Ltd. fax: +44 (0)121 606 0477
>
> Computer book info on the web:
> http://computer-manuals.co.uk/
> Want to earn money? Join our affiliate network!
> http://computer-manuals.co.uk/affiliate/
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
