Lone Secondary PIX won't stay active ?

[tconn]

I have a single secondary pix installed which does not want to stay active. It seems every 24 hours or so, I have to log into the console and type "failover active". What the trick to making it stay active ? I though it was because I had taken the FO cable off, but that didn't seem to make a difference.

Any suggestions ?
Please don't ask why I don't have the primary...

 

[tbissett]

My guess is this is Cisco's way of making your life miserable for not having a UR license firewall at the other end, even if it were powered off.

The failover cable is wired to actually tell the difference between a power failure at one end vs. a non-existent unit. I'm surprised you even got that far with a lone FO unit.

I won't ask why you don't have a UR firewall, but if you want it to work right, get a UR license.

 

[baddos]

Yes... You buy a UR or a R license from Cisco and use that same box.

 

[HTY]

why don't you make a secrure CRT script that make the work for you?
each 24 hours let him type failover active on the secondary unit
I'm also surprised that with an FO unit can work standalone!!!
are there any traffic going in and out of its interfaces??

HTY

 

[tconn]

I do have a UR, but it was used someplace else and left this R unit on the shelf. This was a loaner for what I thought was short term. I can't use an expect/SCRT script because the firewall becomes unreachable when it goes.

I'll be replacing the pix with a el'cheapo firewall tomorrow.
Thanks for the suggestions.