Subscribe via RSS
Subscribe via Email

Configuring HA Failover on a PIX Firewall
VendorCisco
PlatformPIX
Version7.2
Firewalls - Cisco - PIX
Sunday, 18 May 2008 13:15

Below shows you how to configure stateful LAN based failover.

Primary

(config)#interface eth0
(config-if)#nameif inside
(config-if)#ip add 10.1.1.10 255.255.255.0 standby 10.1.1.20

(config)#interface eth1
(config-if)#no nameif
(config-if)#no shut

(config)#interface eth2
(config-if)#no nameif
(config-if)#no shut

(config)#failover
(config)#failover lan unit primary
(config)#failover lan interface failover eth1
(config)#failover lan enable
(config)#failover key <key>
(config)#failover link state eth2
(config)#failover interface ip failover 172.16.50.10 255.255.255.0 standby 172.16.50.20
(config)#failover interface ip state 172.16.51.10 255.255.255.0 standby 172.16.51.20

Secondary

(config)#failover
(config)#failover lan unit secondary
(config)#failover lan interface failover eth2
(config)#failover lan enable
(config)#failover key <key>
(config)#failover interface ip failover 172.16.50.10 255.255.255.0 standby 172.16.50.20

Useful Commands

sh failover state
sh failover interface
sh monitor-interface
monitor-interface
no failover active
failover active

Further information can be found here



Related Articles
 

Latest Articles

We have 23 guests online