[nsp] R: PIX Firewall serie 535

From: Roberto Paoletti (roberto.paoletti@mail.wind.it)
Date: Mon Mar 25 2002 - 12:34:02 EST


Hi, yes, interface 7 is connected to the primary PIX by crossover
cable.
 
This interface is connected only back-to-back, without Internet traffic.
 
No, I didn't reboot the primary, but this morning I received the alert
messages for "Lost Failover communications with mate on interface 7",
and afterwards I connected to the PIX and saw this mistake.
 
I attached the show failover and show interface:
 
 
 
------------------------- SHOW FAILOVER -------------------------
 
Failover On
Cable status: Normal
Reconnect timeout 0:00:00
Poll frequency 15 seconds
        This host: Primary - Active
                Active time: 23160 (sec)
                Interface DMZ-slot:7 (192.168.10.9): Normal
                Interface DMZ-slot:6 (192.168.10.13): Normal
                Interface DMZ-slot:5 (192.168.10.17): Normal
                Interface DMZ-slot:4 (192.168.10.1): Normal
                Interface DMZ-slot:3 (192.168.10.5): Normal
                Interface inside (X.X.X.X): Normal
                Interface outside (X.X.X.X): Normal
                Interface DMZ-Slot:2 (X.X.X.X): Normal
        Other host: Secondary - Standby
                Active time: 0 (sec)
                Interface DMZ-slot:7 (192.168.10.10): Normal
                Interface DMZ-slot:6 (192.168.10.14): Normal
                Interface DMZ-slot:5 (192.168.10.18): Normal
                Interface DMZ-slot:4 (192.168.10.2): Normal
                Interface DMZ-slot:3 (192.168.10.6): Normal
                Interface inside (X.X.X.X): Normal
                Interface outside (X.X.X.X): Normal
                Interface DMZ-Slot:2 (X.X.X.X): Normal
              
Stateful Failover Logical Update Statistics
        Link : DMZ-slot:4
        Stateful Obj xmit xerr rcv rerr
        General 4728402 8463 36978 0
        sys cmd 3119 0 3114 0
        up time 2 0 2 0
        xlate 1045 0 351 0
        tcp conn 4724236 0 33511 71
        udp conn 0 0 0 0
        ARP tbl 0 0 0 0
        RIP Tbl 0 0 0 0
 
        Logical Update Queue Information
                        Cur Max Total
        Recv Q: 0 128 36978
        Xmit Q: 0 419 4738791
 
 
----------------------------- SHOW INTERFACE -----------------------------
 
interface ethernet5 "DMZ-slot:7" is up, line protocol is up
  Hardware is i82558 ethernet, address is 00e0.b604.4866
  IP address 192.168.10.9, subnet mask 255.255.255.252
  MTU 1500 bytes, BW 100000 Kbit full duplex
        1498 packets input, 92852 bytes, 0 no buffer
        Received 2 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        1538 packets output, 105116 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max blocks): hardware (128/128) software (0/2)
        output queue (curr/max blocks): hardware (0/10) software (0/9)
 
 
------------------------------------------------------------------------
 
Is it possibly an attack?
 
THANKS FOR YOUR COLLABORATION.
 
CIAO
Roberto P.
 

-----Original Message-----
From: Zhang, Anchi [mailto:AZhang@reliant.com]
Sent: Monday, 25 March 2002 16.47
To: Roberto Paoletti; cisco-nsp@puck.nether.net
Subject: RE: PIX Firewall serie 535

How is the interface 7 on your secondary connected to that of your
primary? Via a crossover cable, a switch, or a hub?
 
What is interface 7 for? Your outside interface?
 
Did the primary reboot?
 
"show failover" and "show interface" output would be helpful.
 
Anchi
 
-----Original Message-----
From: Roberto Paoletti [mailto:roberto.paoletti@mail.wind.it]
Sent: Monday, March 25, 2002 9:21 AM
To: cisco-nsp@puck.nether.net
Subject: PIX Firewall serie 535

Hi,
        I've a problem with the PIX 535.
 
Sometimes (2 times) the secondary PIX (failover license) with status
Standby loses communication on interface X and goes into Testing.
Interface X is back-to-back with the primary PIX with status Active:
 
%PIX-1-105005: (Secondary) Lost Failover communications with mate on
interface 7
 
After that, the secondary monitors the other interfaces:
 
%PIX-1-105003: (Secondary) Monitoring on interface 3 waiting
%PIX-1-105003: (Secondary) Monitoring on interface 6 waiting
%PIX-1-105003: (Secondary) Monitoring on interface 2 waiting
%PIX-1-105003: (Secondary) Monitoring on interface 5 waiting
%PIX-1-105003: (Secondary) Monitoring on interface 0 waiting
%PIX-1-105003: (Secondary) Monitoring on interface 4 waiting
%PIX-1-105003: (Secondary) Monitoring on interface 1 waiting
 
Why does the PIX work this way?
What is or are the problem(s)?
 
I thought of the connectivity (network), but the interface is back-to-back.
I thought of the cable, that it doesn't work... but I changed the cable...
 
I've seen the logs and I didn't find anything interesting.
Can anyone help me?

Thanks in advance,

Roberto Paoletti
Operations Server Farm & Networking
Network Security & AAA
------------------------------------------------------------------
Wind Telecomunicazioni S.p.A. - www.wind.it
Internet & Multimedia - Fixed Portal
via Lorenteggio, 257
20152 Milano
Tel: +39-02-3011 4166
Cell:+39-3294206077
E-mail:roberto.paoletti@mail.wind.it
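A small parser for the %PIX-1-105005 / %PIX-1-105003 syslog lines and the "show failover" Stateful Obj table quoted in this thread, added here as an example and not part of any of the original posts. The sample lines are constructed from the thread, and the message patterns are assumed from the quoted lines only; the script flags which unit lost failover communications on which interface, which interfaces then went to Testing, and which stateful-update counters show errors (the xerr/rerr columns).

```python
import re

# Constructed sample input, modelled on the syslog lines and the
# "show failover" statistics quoted in this thread (not real captures).
SYSLOG = """\
%PIX-1-105005: (Secondary) Lost Failover communications with mate on interface 7
%PIX-1-105003: (Secondary) Monitoring on interface 3 waiting
%PIX-1-105003: (Secondary) Monitoring on interface 6 waiting
"""
FAILOVER_STATS = """\
        Stateful Obj xmit xerr rcv rerr
        General 4728402 8463 36978 0
        sys cmd 3119 0 3114 0
        xlate 1045 0 351 0
        tcp conn 4724236 0 33511 71
"""
LOST_RE = re.compile(r"%PIX-1-105005: \((\w+)\) Lost Failover communications with mate on interface (\d+)")
WAIT_RE = re.compile(r"%PIX-1-105003: \((\w+)\) Monitoring on interface (\d+) waiting")

def failover_events(text):
    """Return ([(unit, iface), ...] for lost-communication events, {ifaces put into Testing})."""
    lost, waiting = [], set()
    for line in text.splitlines():
        if m := LOST_RE.search(line):
            lost.append((m.group(1), int(m.group(2))))
        elif m := WAIT_RE.search(line):
            waiting.add(int(m.group(2)))
    return lost, waiting

def stateful_errors(text):
    """Parse the 'Stateful Obj' table; keep rows whose xerr or rerr counter is nonzero."""
    errs = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and all(p.isdigit() for p in parts[-4:]):
            _xmit, xerr, _rcv, rerr = (int(p) for p in parts[-4:])
            if xerr or rerr:
                errs[" ".join(parts[:-4])] = (xerr, rerr)  # object name may be two words
    return errs

def assess(syslog, stats):
    """Turn both sources into human-readable findings for the on-call engineer."""
    lost, waiting = failover_events(syslog)
    findings = [f"{unit} lost failover communications on interface {iface}; "
                f"interfaces {sorted(waiting)} went to Testing" for unit, iface in lost]
    findings += [f"stateful update errors on '{obj}': xerr={xerr} rerr={rerr}"
                 for obj, (xerr, rerr) in stateful_errors(stats).items()]
    return findings
```

A nonzero rerr on "tcp conn" alongside the lost-communication event points at the stateful-update link and the failover interfaces themselves (cable, duplex, peer health) before any outside cause is considered.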

 



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:38 EDT