[fw-wiz] PIX Failover Questions

From: Kevin Miller (kmiller_at_inflow.com)
Date: 06/23/03

    To: "'firewall-wizards@honor.icsalabs.com'" <firewall-wizards@honor.icsalabs.com>
    Date: Mon, 23 Jun 2003 14:09:39 -0600
    
    

    I currently have an HA pair of PIX 535s. Each 535 has 3 66 MHz Gigabit
    Ethernet ports and 1 quad Fast Ethernet card.

    I am wondering what is the difference between the stateful serial cable and
    using an Ethernet cable for failover? From what I understand, the serial
    failover cable is used to sync the config between the PIXes and the Ethernet
    is used to sync the state tables. Is that correct?

    I was recently looking at a document located here
    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63rnotes/pixrn63.htm

    Which states
    "Caution If Stateful Failover is enabled, the interface card and bus used
    for the Stateful Failover LAN port must be equal to or faster than the
    fastest card used for the network interface ports. For example, if your
    inside and outside interfaces are PIX-1GE-66 cards installed in bus 0, then
    your Stateful Failover interface must be a PIX-1GE-66 card installed in bus
    1. A PIX-1GE or PIX-1FE card cannot be used in this case, nor can a
    PIX-1GE-66 card be installed in bus 2 or share bus 1 with a slower card."

    Why is a gigabit interface required to sync the state table? How could they
    possibly have that much info to sync? I would just like to use a Fast
    Ethernet port if possible.

    Thanks for any help
    Kevin
