[fw-wiz] PIX Failover Questions

• Previous message: R. DuFresne: "[fw-wiz] webtrends, serving publically:"
• Next in thread: Dave Rinker: "Re: [fw-wiz] PIX Failover Questions"
• Reply: Dave Rinker: "Re: [fw-wiz] PIX Failover Questions"
• Reply: Bruce Smith: "Re: [fw-wiz] PIX Failover Questions"
• Maybe reply: Brian Ford: "Re: [fw-wiz] PIX Failover Questions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'firewall-wizards@honor.icsalabs.com'" <firewall-wizards@honor.icsalabs.com>
Date: Mon, 23 Jun 2003 14:09:39 -0600

I currently have an HA pair of PIX 535s. Each 535 has 3 66mhz Gigabit
Ethernet ports and 1 quad fastethernet card.

I am wondering what is the difference between the stateful serial cable and
using an Ethernet cable for failover? From what I understand, the serial
failover cable is used to sync the config between the pixes and the Ethernet
is used to sync the state tables. Is that correct?

I was recently looking at a document located here
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63rnot
es/pixrn63.htm

Which states
"Caution If Stateful Failover is enabled, the interface card and bus used
for the Stateful Failover LAN port must be equal to or faster than the
fastest card used for the network interface ports. For example, if your
inside and outside interfaces are PIX-1GE-66 cards installed in bus 0, then
your Stateful Failover interface must be a PIX-1GE-66 card installed in bus
1. A PIX-1GE or PIX-1FE card cannot be used in this case, nor can a
PIX-1GE-66 card be installed in bus 2 or share bus 1 with a slower card."

Why is a gigabit interface required to sync the state table? How could they
possibly have that much info to sync? I would just like to use a fast
ethernet port if possible.

Thanks for any help
Kevin

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: R. DuFresne: "[fw-wiz] webtrends, serving publically:"
• Next in thread: Dave Rinker: "Re: [fw-wiz] PIX Failover Questions"
• Reply: Dave Rinker: "Re: [fw-wiz] PIX Failover Questions"
• Reply: Bruce Smith: "Re: [fw-wiz] PIX Failover Questions"
• Maybe reply: Brian Ford: "Re: [fw-wiz] PIX Failover Questions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Load Balancing for W2100z ... "Iraq4all" wrote in message ... > card to the system and I would like to do a load balancing or failover ... Multipathing and Failover via the IPMP, on Linux I believe your closest ... (comp.unix.solaris) Re: Daemon to monitor NIC activity and activate "spare" NIC ... Take into account that when you switch an ip address to another card all ... routes still use the MAC address to the old card. ... configurations tend to fail when a failover is needed and only work during ... (comp.sys.hp.hpux) Re: NAT and static addresses in one physical ethernet network ... Hey chaps, been doing some research and I will buy a quad port card, and I ... will use a linksys dsl modem which will bridge a PPPoE connection so the ... Any suggestions on a card that is compatible with Linux? ... Then I will have 2 Ethernet ports for the public and private subnets, ... (comp.os.linux.networking) Out of PCI slots, request for suggestions ... a free slot but the one problem FCP system has a Fibre Channel card, ... I assume there are FC cards with ethernet ports out there, ... The other option is an USB2/100Mb ethernet adapter. ... (comp.sys.mac.system)