FirewallWizards
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [fw-wiz] PIX stateful failover and separate external circuits

from [Paul Murphy] [Permanent Link][Original]
To: firewall-wizards@listserv.icsalabs.com
Subject: Re: [fw-wiz] PIX stateful failover and separate external circuits
From: Paul Murphy <Paul_Murphy@fd.org>
Date: Thu, 15 Feb 2007 08:14:39 -0600
Delivered-to: sp-com-lists@consult.net
Delivered-to: fwwizards-list2@consult.net
Delivered-to: firewall-wizards@listserv.icsalabs.com
In-reply-to: <45D35744.7010505@andrei.myip.org>
List-archive: <https://listserv.icsalabs.com/pipermail/firewall-wizards>
List-help: <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=help>
List-id: Firewall Wizards Security Mailing List <firewall-wizards.listserv.icsalabs.com>
List-post: <mailto:firewall-wizards@listserv.icsalabs.com>
List-subscribe: <https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards>, <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=subscribe>
List-unsubscribe: <https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards>, <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=unsubscribe>
Reply-to: Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
Sender: firewall-wizards-bounces@listserv.icsalabs.com 
I would assume that your two ISP circuits have different IP address
assignments?  If so, I do not believe that the PIX can failover connection
states to an Interface with a different IP address than the original.

Thanks,

Paul Murphy




                                                                           
             Florin Andrei                                                 
             <florin@andrei.my                                             
             ip.org>                                                    To 
             Sent by:                  firewall-wizards@listserv.icsalabs. 
             firewall-wizards-         com                                 
             bounces@listserv.                                          cc 
             icsalabs.com                                                  
                                                                   Subject 
                                       [fw-wiz] PIX stateful failover and  
             02/14/2007 05:36          separate external circuits          
             PM                                                            
                                                                           
                                                                           
             Please respond to                                             
             firewall-wizards@                                             
             listserv.icsalabs                                             
                   .com                                                    
                                                                           
                                                                           




I've a pair of PIX fw's (OS ver 7.2) in a failover configuration. The
two external interfaces are connected to the provider on two separate
circuits.

The provider claims that in such a configuration, stateful failover will
not work (the PIXes will do stateless failover), and we need to hook up
a switch (or a pair of switches) between the two firewalls and the two
circuits to enable stateful failover.

Somehow that doesn't sound right to me, but I cannot prove it, nor
disprove it. Anybody knows what the real answer is? A link to some
document that has the details to support the answer would be great, too.

Thanks,

--
Florin Andrei

http://florin.myip.org/
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [fw-wiz] Need help configuring client-side VPN to Cisco 2801, Mike Leone
Next by Date:  Re: [fw-wiz] PIX stateful failover and separate external circuits, James Burns
Previous by Thread:  [fw-wiz] Need help configuring client-side VPN to Cisco 2801, Mike Leone
Next by Thread:  Re: [fw-wiz] PIX stateful failover and separate external circuits, James Burns
Indexes:  [Date] [Thread] [Top] [All Lists]