Solved

PIX515 Failover Reset

Posted on 2007-11-21
Last Modified: 2012-06-27
Due to replacing some cables over the weekend our PIX515E failed over to the standby unit. I want to switch it back and have issued a failover reset but the backup is still active. How can I switch this back without interrupting our users?
0
Question by:akalbfell
LVL 4

Accepted Solution

by:
CCIE8122 earned 500 total points
ID: 20328787
You can only switch back to the primary without service interruption if you have configured stateful failover (which means that the state of all of the connections is replicated across the dedicated Ethernet link to the standby PIX); otherwise all connections will be reset.  To verify this, issue the command:

show failover

You will be able to see if you are configured for stateful failover as there will be a section at the bottom with stateful failover statistics.

To switch back to the primary, issue the command:

failover reset

on the failed primary PIX, and then you can either disconnect or reload the secondary (active) PIX, or on the console of the standby primary, issue the command:

failover active

Note that you have to be consoled to the standby to issue this command, cuz if you try to telnet/ssh, you will connect to the active secondary.

HTH

kr
0
 
LVL 8

Author Comment

by:akalbfell
ID: 20329061
Just found it online, thanks for detailed explanation.
0
 
LVL 8

Author Comment

by:akalbfell
ID: 20331024
Quick follow-up: after issuing that command the primary PIX took over, but the firewall is spitting out tons of data to HyperTerminal since right after I input the command. Why is it doing that and how can I get it to stop? It looks like a bunch of information about the connections, which I assumed was just because it was tearing down and creating new ones, but it's still going...any ideas???
0
 
LVL 4

Expert Comment

by:CCIE8122
ID: 20331188
This is because you are connected to the console and you have console logging turned on.  You may either turn off console logging, or raise the logging level above the level you see all the messages (this is the number where "X" is below):

Nov 21 2007 14:39:01: %PIX-X-123456: Text message

So if "X" on the majority of the log entries is 4, then you would set console logging to 3 and the level 4 events would not echo to the console.  Note that if you are logging to a server, you want to be careful that you only modify the console logging setting.

kr
0
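The rule of thumb in the comment above (find the severity digit "X" that dominates the console output, then set console logging one level below it), as an added example that is not part of the original thread. The function names and the sample lines are constructed for illustration; only the `%PIX-X-123456:` message format comes from the post.

```python
import re
from collections import Counter

# Matches the severity digit in the format quoted above: %PIX-X-123456:
PIX_MSG = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<id>\d{6}):")

# Constructed sample of console output (not captured from the asker's firewall).
SAMPLE = """\
Nov 21 2007 14:39:01: %PIX-6-302013: Built outbound TCP connection (constructed)
Nov 21 2007 14:39:01: %PIX-6-302014: Teardown TCP connection (constructed)
Nov 21 2007 14:39:02: %PIX-6-302013: Built outbound TCP connection (constructed)
Nov 21 2007 14:39:02: %PIX-4-106023: Deny tcp src outside (constructed)
Nov 21 2007 14:39:03: %PIX-1-104001: (Primary) Switching to ACTIVE (constructed)
pixfirewall# show failover
"""

def severity_counts(text):
    """Tally messages per severity digit; lines that do not match are skipped."""
    return Counter(int(m.group("sev")) for m in PIX_MSG.finditer(text))

def console_level_to_silence(text):
    """Return the level one below the most frequent severity, or None.

    None means either no PIX messages were found or the noisiest severity
    is 0, which has no lower level to fall back to.
    """
    counts = severity_counts(text)
    if not counts:
        return None
    # Ties are broken toward the higher severity number.
    noisiest = max(counts, key=lambda s: (counts[s], s))
    return noisiest - 1 if noisiest > 0 else None

def still_echoed(text, level):
    """Message tags that would still reach the console at the given level."""
    return [m.group(0) for m in PIX_MSG.finditer(text)
            if int(m.group("sev")) <= level]

if __name__ == "__main__":
    level = console_level_to_silence(SAMPLE)
    print("counts:", dict(severity_counts(SAMPLE)))
    print("suggested console logging level:", level)
    print("still shown on console:", still_echoed(SAMPLE, level))
```

Checking `still_echoed` before changing the setting shows which lower-numbered messages, such as the failover state change in the sample, would remain visible on the console.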
 
LVL 8

Author Comment

by:akalbfell
ID: 20331202
thanks much!
0
 
LVL 4

Expert Comment

by:CCIE8122
ID: 20331353
NP.  Good luck.
0
