--- barry <Barry.Haycock_at_b-online.com.au> wrote:
> i can setup the failover no problems but my question is
> when the pix fails over does the second one assume the ip address
> assigned
> to the interface on the primary
> or does it use the address assigned under the failover command for
> that
> interface.
>
> if the interface assumes the address assigned under the failover
> command
> how does one go about routing from a router etc to the firewall??
>From another device on the network, the "primary" PIX will never
disappear. If the "primary" PIX fails, the secondary sets it's IP
Address and MAC address to what the "primary" PIX had. When the
"primary" PIX comes back up, it sees the other one out there and takes
the "secondary" IP and MAC addresses.
For all other devices that have to talk to the PIX, just point them to
the "primary" PIX IP address and the failovers will be unnoticable. In
a crude test when were setting ours up, we did a "ping -f" (flood/fast
ping) from a Linux box to a router on the other side of the PIX.
During the failover, we only lost about 1/3 of a seconds worth of
pings!
Dan
__________________________________________________
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Sep 06 2002
Intro
