This is a discussion on Re: [fw-wiz] PIX Failover & Other Queries - Firewalls ; -----Original Message----- Subject: [fw-wiz] PIX Failover & Other Queries > Is it possible to have to firewalls in a failover set failover as normal, but have the failover Pix have > a different outside IP address? No. > What about ...
-----Original Message-----
Subject: [fw-wiz] PIX Failover & Other Queries
> Is it possible to have to firewalls in a failover set failover as normal,
but have the failover Pix have
> a different outside IP address?
No.
> What about upgrading the licence from FO to UR - would that allow it?
No.
> The best possible solution I've managed to come up with so far, is to have
two routers (or L3 switches)
> - just outside each of the Pix's - configured for HSRP. If the main link
goes down, what I would like to
> happen is for the other router to take over via HSRP, and for the firewall
pair to failover to the
> backup. Does that sound feasible?
This is probably your best option. Whether you use OSPF and HSRP between
the routers or go to BGP to load-share across the two connections, using
routers outside the PIX's is the best way to get redundant paths with
different IP addresses.
PaulM
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards
