PIX 515 failover

[jdl508]

If I need failover support on my pix 515 and I have a 4 port nic card + the 2 additional interfaces can I use one of the int in the 4 port card for failover with another 515 or can I use ethernet0 or 1
in the manual it says it must be a lone interface for failover to work I didnt know if this ment that I cant use one of the 4 in the 4 int card.
Thanks again
this site has proven to be an extremely useful resource!!!

 

[yizhar]

HI.

Failover has 2 versions -
stateless or statefull.

For the stateless, you need only the failover port (which is not one of the NICs).

For the statefull failover, you will need in addition a dedicated NIC - This will probably be one of the 4 NIC card.

You will need 2 identical pix firewalls - both must have the additional NICs. You probably know that...

The statefull FO keeps both pix devices updated with the connections and translation tables, so the switch between them will not disconnect users.
With stateless FO, the switch between the boxes will drop all current connections, requiring the clients to reestablish the sessions. This does not mean that the users will notice that as it might happen automaticaly by the client operating system, but it depends on which kind of TCP/IP traffic is used.

Read the pix manuals - its all there.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar