Monitoring Failover
The primary method of monitoring failover activity is to use the show failover
command, which can be run on either firewall. This command tells you virtually
everything you need to know about failover. One of the most important pieces
of information this command reveals is the status of the failover cable, which is
provided in the second line of the output. It can have four possible values:
Normal: This means that the cable is operating normally and that the
primary and secondary firewall are connected properly.
My side not connected: This means that the serial cable is not connected
to the firewall (primary or secondary) on which you entered the
command.
Other side is not connected: This means that the serial cable is not
connected to the other firewall (the one other than the one on which
you are entering this command).
Other side powered off: This means that the serial cable is connected
to the other unit properly, but the other firewall is powered off.
In the command output, you will also see flags next to each interface. The
meaning of each flag is listed here:
Normal: The interface is functioning properly.
Link Down: The line protocol on the interface is down.
Failed: The interface has failed.
Shut Down: The interface has been administratively shut down.
Unknown: This interface has not yet been configured with an IP
address. The status of this interface has not yet been determined.
Waiting: Monitoring of this interface on the other firewall has not yet
started.
With stateful failover enabled, the show failover command also displays the
Logical Update statistics. The protocol that updates state information from the
active firewall to the standby firewall over the dedicated stateful failover LAN link
is known as the Logical Update (LU) protocol. The LU protocol is a real-time,
UDP-like protocol that works asynchronously in the background over IP protocol 105.
www.syngress.com
Configuring Failover • Chapter 8 431
When you use stateful failover, you will see the following stateful objects listed in
the Logical Update statistics section:
General: The sum of all objects.
sys cmd: Logical update system commands, such as login.
up time: Uptime information that is passed from the active to the
standby unit.
xlate: The translation table.
tcp conn: TCP connection information.
udp conn: Dynamic UDP connection information.
ARP tbl: Dynamic ARP table information.
RIP Tbl: Dynamic routing table information.
For each of these stateful objects, the following statistics are available:
xmit: The number of packets transmitted to the other firewall.
xerr: The number of errors that occurred while transmitting to the
other firewall.
rcv: The number of received packets.
rerr: The number of errors that occurred while receiving packets from
the other firewall.
The command also displays the current, maximum, and total number
of packets in the Logical Update transmit (Xmit) and receive (Recv) queues.
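
The checks a monitoring script could run over this output, as an added example that is not from the original text or from the vendor. It parses a constructed show failover sample (the line layout and the helper names are assumptions) and reports any cable status or interface flag other than Normal, plus any stateful object with a nonzero xerr or rerr count.

```python
import re
# Constructed sample of "show failover" output; the exact layout is an assumption.
SAMPLE = """\
Failover On
Cable status: Normal
    This host: Primary - Active
        Interface outside (192.0.2.1): Normal
        Interface inside (10.0.0.1): Link Down
    Other host: Secondary - Standby
        Interface outside (192.0.2.2): Normal
        Interface inside (10.0.0.2): Waiting
Stateful Failover Logical Update Statistics
    Stateful Obj    xmit    xerr    rcv    rerr
    sys cmd         20      0       4      0
    xlate           40      3       0      0
    tcp conn        60      0       0      2
"""

IFACE = re.compile(r"Interface (\S+) \([^)]*\): (.+)")
# Stateful object names as listed in the text, then xmit, xerr, rcv, rerr.
STAT = re.compile(r"(General|sys cmd|up time|xlate|tcp conn|udp conn|ARP tbl|RIP Tbl)"
                  r"\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)$")

def parse_show_failover(text):
    """Return the cable status, per-unit interface flags and LU counters."""
    result = {"cable": None, "interfaces": [], "lu": {}}
    host = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Cable status:"):
            result["cable"] = line.split(":", 1)[1].strip()
        elif line.startswith(("This host:", "Other host:")):
            host = line.split(":", 1)[0]
        elif (m := IFACE.match(line)):
            result["interfaces"].append((host, m.group(1), m.group(2)))
        elif (m := STAT.match(line)):
            counts = map(int, m.groups()[1:])
            result["lu"][m.group(1)] = dict(zip(("xmit", "xerr", "rcv", "rerr"), counts))
    return result

def findings(parsed):
    """Report the cable status and interface flags that are not Normal, and LU errors."""
    out = [] if parsed["cable"] == "Normal" else [f"cable: {parsed['cable']}"]
    out += [f"{h} {n}: {flag}" for h, n, flag in parsed["interfaces"] if flag != "Normal"]
    out += [f"LU {obj}: xerr={c['xerr']} rerr={c['rerr']}"
            for obj, c in parsed["lu"].items() if c["xerr"] or c["rerr"]]
    return out

if __name__ == "__main__":
    print("\n".join(findings(parse_show_failover(SAMPLE))))
```

Unknown and Waiting are reported alongside Link Down and Failed because a flag that stays in either state means monitoring of that interface never completed.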
As always, for those who are interested in monitoring failover operation at a
very technical and detailed level, the PIX firewall provides debug commands for
monitoring failover operation. The command is as follows:
debug fover <option>
Here, option can be any of the keywords listed in Table 8.1.
Table 8.1 Failover Debug Options
Keyword   Description
cable     Failover cable status.
fail      Failover internal exception.
fmsg      Failover message.
get       IP network packet received.
ifc       Network interface status trace.
open      Failover device open.
put       IP network packet transmitted.
rx        Failover cable receive.
rxdmp     Cable recv message dump (serial console only).
rxip      IP network failover packet received.
tx        Failover cable transmit.
txdmp     Cable xmit message dump (serial console only).
txip      IP network failover packet transmit.
verify    Failover message verify.
switch    Failover switching status.