Cisco PIX 515E - Need to configure replacement Primary unit in Failover config for upcoming swap

Bigchingan asked on
Hardware Firewalls, Cisco
We have two Cisco PIX 515E's in a failover configuration protecting our network. Recently, the primary had some hardware failures, and the secondary picked up the slack and is now functioning as the active firewall. Cisco has sent us a replacement firewall, and I've updated the flash and installed the necessary hardware and licenses on it. According to their Tech, basically all I have to do to get it up and running in production is configure the failover connection on the replacement. Once properly configured, it's a simple matter of swapping out the two firewalls and letting the secondary (active) firewall push its configuration to the new primary (which would be in standby at that point).

Couple of questions:

Firstly, the replacement firewall is already set as a secondary firewall, and I can't seem to update that with the CLI. How would I go about changing that to make it the official Primary firewall (albeit in a standby mode) so when I connect it in the configuration, it's already set up?

Second, do I need to have the "show failover" output on my replacement firewall mimic the failed one exactly as it was before? AKA, do I have to go as far as configuring all of the interfaces, or are getting the failover on and the unit listed as primary the only concerns?

Does anyone have any pointers based off of a similar situation?

I'm running PIX 515E's in a serial attached failover with an extra 4 port NIC card. The new primary firewall (replacement) is running the 7.1(2) firmware. The secondary is running 7.1(2)60 (I couldn't find this exact firmware when updating the replacement).
