Failover

Primary PIX Firewall

Primary PIX Firewall

Secondary PIX Firewall

©2000, Cisco Systems,

The failover function for the Cisco Secure PIX Firewall™ provides a safeguard in case a PIX Firewall fails. Specifically, when one PIX Firewall fails, another immediately takes its place.

In the failover process, there are two PIX Firewalls: the primary PIX Firewall and the secondary PIX Firewall. The primary PIX Firewall functions as the active PIX Firewall, performing normal network functions. The secondary PIX Firewall functions as the standby PIX Firewall, ready to take control should the active PIX Firewall fail to perform. When the primary PIX Firewall fails, the secondary PIX Firewall becomes active while the primary PIX Firewall goes on standby. This entire process is called failover.

The primary PIX Firewall is connected to the secondary PIX Firewall through a failover connection: a failover cable. The failover cable has one end labeled primary, which plugs into the primary PIX Firewall, and the other end labeled secondary, which plugs into the secondary PIX Firewall.

A failover occurs when one of the following situations takes place:

■ A power-off or a power-down condition occurs on the active PIX Firewall

■ The active PIX Firewall is rebooted

■ A link goes down on the active PIX Firewall for more than 30 seconds

■ The message, "Failover active" occurs on the standby PIX Firewall

■ Block memory exhaustion occurs for 15 consecutive seconds or more on the active PIX Firewall

0 0

Post a comment