What Is Required for a Failover Configuration?
The hardware and software for the primary and secondary Security Appliance must match
in the following respects for failover configuration to work properly:
■ Firewall model
■ Software version (which should be the version with unrestricted [UR] licensing)
■ Flash memory size
■ RAM size
■ Activation key
■ Number and type of interfaces
The only additional hardware that is needed to support failover is the failover cable. Both
units in a failover pair communicate through the failover cable. The failover cable is a
modified RS-232 serial link cable that transfers data at 115 kbps. It is through this cable that
the two units maintain the heartbeat network. This cable is not required for LAN-based
failover. Some of the messages communicated over failover cable are
■ Hello (keepalive packets)
■ Configuration replication
■ Network link status
■ State of the unit (active/standby)
■ MAC address exchange
NOTE Failover for 501 and 506E models is not supported.
NOTE With Security Appliance software version 7.0, the requirement for the same
software versions on both the primary and secondary Security Appliances has been
relaxed. Different maintenance levels are permitted for the purpose of hit-less updates.