Hi Florin,
The information you have been given is correct. For a Pix to support
stateful failover, a dedicated LAN interface between the two units is
required. You can read more here:
http://www.cisco.com/warp/public/110/failover.html#statefulfailover
Kind regards,
James Burns
Florin Andrei wrote:
>I've a pair of PIX fw's (OS ver 7.2) in a failover configuration. The
>two external interfaces are connected to the provider on two separate
>circuits.
>
>The provider claims that in such a configuration, stateful failover will
>not work (the PIXes will do stateless failover), and we need to hook up
>a switch (or a pair of switches) between the two firewalls and the two
>circuits to enable stateful failover.
>
>Somehow that doesn't sound right to me, but I cannot prove it, nor
>disprove it. Anybody knows what the real answer is? A link to some
>document that has the details to support the answer would be great, too.
>
>Thanks,
>
>
>
--
James Burns
Network & Security Advisor – Student & Learning Support
University of Sunderland
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
|