The Failover Category
The additional class listed beneath System Backdrop is Failover. From this category,
you can set up and configure failover amid two identical PIX firewalls.
When configuring PIX firewalls for failover, you charge aboriginal configure certain
attributes, such as the failover interface IP addresses. After enabling failover
between two PIX firewalls, all aliment is performed from the primary firewall
in the pair.The Failover class awning is apparent in Figure 9.19.
From this screen, you can accredit or attenuate failover by beat the analysis box
beside Accredit Failover.To configure the failover IP addresses for anniversary interface,
highlight a specific interface and bang Edit.The failover IP addresses are assumed
by the standby PIX during accustomed operations.
www.syngress.com
Figure 9.18 The Edit Interface Window
PIX Device Manager • Chapter 9 477
NOTE
You charge accept an adapted failover authorization to admission the Failover
category. Without a failover license, you cannot configure failover from
PDM or from the CLI.
From the Failover screen, you can additionally ascendancy stateful failover and LANbased
failover properties.To accredit stateful failover, bang the Accredit Stateful
Failover analysis box and baddest a accelerated interface from the pull-down account for
stateful synchronization.The PIX firewalls will use this interface to canyon connection
state data.To accredit HTTP replication, bang the analysis box beside HTTP
Replication. Doing so configures the PIX firewalls to barter HTTP connection
data beyond the stateful synchronization link.
www.syngress.com
Figure 9.19 The Failover Screen
478 Chapter 9 • PIX Device Manager
LAN-based failover permits the added concrete break of PIX devices
configured in a failover pair. Previously, PIX firewalls configured in a pair
required a six-meter or beneath break due to consecutive cable limitations.To enable
LAN-based failover, bang the Accredit LAN-based Failover analysis box and
select the interface acclimated for failover cachet blockage from the LAN Interface
drop-down list. In accession to selecting the LAN interface, you charge accept a
shared key to use amid the failover PIX devices.Type the key in the Shared
Key field; bethink this key because you charge administer the identical key cord to
the additional PIX firewall. Finally, actuate whether the PIX firewall will be the
primary or accessory firewall during accustomed operations by beat either the
Primary or the Accessory radio button.
When you are finished, bang the Administer to PIX button. At any point in this
process, you can bang Displace to acknowledgment the Failover awning attributes to their original
values.The Failover Displace button is acclimated to displace the failover state.