James Burns wrote:
> Hi Florin,
>
> The information you have been given is correct. For a Pix to support
> stateful failover, a dedicated LAN interface between the two units is
> required. You can read more here:
>
> http://www.cisco.com/warp/public/110/failover.html#statefulfailover
Exactly. I just realized I've seen this a while ago - I had a pair of
PIXes in a failover configuration, each one connected to a different
switch, and the inter-connection between switches broke. The firewalls
went nuts trying to kickstart the failover process.
So yeah, the interfaces of the primary and the secondary need to be in
the same LAN segment.
--
Florin Andrei
http://florin.myip.org/
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
|