Re: [fw-wiz] Managing multiple Cisco Pix's



Then why not do LAN failover? That's a pretty well documented feature
of PIX OS 7 and up.

James Burns wrote:
Sorry, to clarify:

We will have two firewalls at either side of our campus serving the
same internal network, but with different /external/ addresses - this
is necessary because of the way that our provider has arranged things.

Each runs OSPF. Both units are, in effect, active - but no traffic
will be passed via the "backup" until the primary goes down, because
of the way that the routing is configured.

Cisco allows for active/active failover between Pix units, but ONLY if
they are running multiple security contexts, and we do not do this,
nor need to. What we're looking for is an elegant and preferably
inexpensive way of keeping the ruleset up-to-date on both boxes
without the need to manually edit on both every time a rule is
added/amended.

Hope this makes things clearer!

James

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


