Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.
2 posts • Page 1 of 1
for my one of the setup i have two pix 535 configured in active -standby mode .i want to insert the interface card on both of the firewalll without disturbing any services or rather you can say zero downtimebut acoording to the documents i suspect i could acheive it .help me how can i acheive the above i am thinking first i will change interface card on standby then i will go with active but the problem i suspect after finishing addition of the card card in standby the failover should have issue as the number of the interfaces could not match on both firewall .so i also suspect i can make the standby to be active forcefully pls suggest how should i go
As you already guessed this is not possible. http://www.cisco.com/en/US/docs/securit ... #wp1077521 Pls. refer the above link. Failover will disable itself when one unit has extra module that the other one doesn . Best option is to reload both of them at the same time or shut the sec/standby down, get the card in and get it ready. Then shut the pri/active unit down and fireup the sec/standby unit so it will come up sec/act. Then put the card back in the pri/act unit and fire it back up and it will come up as pri/standby. You will definitely have a min. of 10-15 min. downtime until the unit reboots. -KS