Failure Detection

To determine the failure of the active components several methods can be implemented. The IOS firewall can use the HSRP, which can be tuned to fail over in less than 1 second.

However, if using a PIX Firewall, configure a simple native "cable" failover. A LAN failover is possible. Both methods achieve switching times below 15 seconds.

The Failover Cable

The failover cable is the only additional hardware required to support PIX failover. In PIX 6.2 and later, a failover can be achieved with or without a failover cable. The failover cable is a modified RS-232 serial link cable with a speed setting of 9600 baud. In PIX Software Release 5.2 (5.1.2.201), the speed was changed to 115.2K baud. If a switchover occurs, the units swap the IP address and MAC addresses they are using to replace each other's presence on the network. This action is invisible to the network.

Was this article helpful?

0 0

Post a comment