Re: [fw-wiz] PIX stateful failover and separate external circuits

Hi Florin,

The information you have been given is correct. For a Pix to support
stateful failover, a dedicated LAN interface between the two units is
required. You can read more here:

http://www.cisco.com/warp/public/110/failover.html#statefulfailover

Kind regards,
James Burns

Florin Andrei wrote:

I've a pair of PIX fw's (OS ver 7.2) in a failover configuration. The
two external interfaces are connected to the provider on two separate
circuits.

The provider claims that in such a configuration, stateful failover will
not work (the PIXes will do stateless failover), and we need to hook up
a switch (or a pair of switches) between the two firewalls and the two
circuits to enable stateful failover.

Somehow that doesn't sound right to me, but I cannot prove it, nor
disprove it. Anybody knows what the real answer is? A link to some
document that has the details to support the answer would be great, too.

Thanks,




--
James Burns

Network & Security Advisor – Student & Learning Support
University of Sunderland


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards