Re: [fw-wiz] PIX failover disable help

---

• From: "Christopher J. Wargaski" <wargo1@xxxxxxxxx>
• Date: Fri, 11 Apr 2008 00:12:59 -0500

---

Siva--

Yes, you should disable failover first.

no failover
no failover ip address inside 10.1.1.11
no failover ip address DMZvlan1 10.0.0.2
no failover ip address DMZvlan2 10.0.2.2
no failover ip address outside 68.254.130.243
no failover ip address fover PIX2-fover
no failover link fover

show failover

Once failover is disabled, the polling stops. Now you can shut down
interfaces, or disconnect them.


On Thu, Apr 10, 2008 at 9:21 AM, sivakumar <siva_itech@xxxxxxxxx> wrote:

I have a pix stateful failover(6.3) set up in active/standby mode. Now i
just want to shut down an interface on the failover and bring back it to
unused state. Now i'm worried if by giving a shut on the interface on the
active pix would affect the standby and would drive them to panic.

As per the document i'm thinking of to disable the failover first and shut
the interface on pri and then sec and after that would enable back the
failover again. Would that be fine or it would still affect and make a
switch over.

My concern is if we disable the failover the 2 pixes would poll using the
other ethernet interfaces to check they are up. And if i shut down an int,
would that make the pix to failover and standby to active?
[B]
Could you please tell me a safe way so that i could rid of it without
affecting any live traffic?[/B]

-----
Regards,
Siva
--
View this message in context: http://www.nabble.com/PIX-failover-disable-help-tp16608826p16608826.html
Sent from the Firewall Wizards mailing list archive at Nabble.com.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

---

• References:
  • [fw-wiz] PIX failover disable help
    • From: sivakumar

• Prev by Date: Re: [fw-wiz] Layer 2 (stealth) firewalls - PBR?
• Next by Date: Re: [fw-wiz] PIX failover disable help
• Previous by thread: [fw-wiz] PIX failover disable help
• Next by thread: Re: [fw-wiz] PIX failover disable help
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Which cable for ASA failover? ... Can you post your failover config of both unit. ... interface Ethernet0/0 ... mtu management 1500 ... timeout xlate 3:00:00 ... (comp.dcom.sys.cisco) Re: Which cable for ASA failover? ... Can you post your failover config of both unit. ... interface Ethernet0/0 ... mtu management 1500 ... timeout xlate 3:00:00 ... (comp.dcom.sys.cisco) Re: IP Failover: strange behaviour ... As long as both machines are up and running, IP failover ... network interface, and enters the status described in 1). ... IPPSA2> tcpip ifconfig -a ... IE2 are not participating in a ip failover. ... (comp.os.vms) Re: CISCO ASA 5505 Failover ... the following exerpts (Cisco Systems, ... You can use any unused Ethernet interface on the device as the ... The failover link interface is not configured ... (comp.dcom.sys.cisco) Failover problem with PIX 515 ... with failover cable ... Cisco PIX Firewall Version 6.2 ... Normal Interface inside: Normal Other host: Secondary - ... Hardware is i82559 ethernet, address is 000b.46aa.a620 ... (comp.security.firewalls)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > Firewall-Wizards  > 2008-04