Chapter 10. Cisco PIX Firewall Failover

This chapter covers the following subjects:

- Understanding Failover
- Failover Configuration
- LAN-Based Failover Configuration

Today, most businesses rely heavily on critical application servers that support the business process. The interruption of these servers due to network device failures or other causes has a great financial cost, not to mention the irritation such an interruption causes in the user community. With this in mind, Cisco has designed most of its devices, including the PIX Firewall products (models 515 and up), such that they can be configured in a redundant or highly available configuration.

The failover feature makes the Cisco PIX Firewall a highly available firewall solution. The purpose of this feature is to ensure continuity of service in case of a failure on the primary unit.

The failover process requires two PIX Firewalls: one primary (active mode) and one secondary (standby mode). The idea is to have the primary PIX Firewall handle all traffic from the network and to have the secondary PIX Firewall wait in standby mode in case the primary fails, at which point it takes over the process of handling all network traffic. If a primary (active) unit fails, the secondary PIX Firewall changes its state from standby mode to active, assumes the IP address and MAC address of the previously active unit, and begins accepting traffic for it. The new standby unit assumes the IP address and MAC address of the unit that was previously the standby unit, thus completing the failover process.