- Posts: 80
- Thank you received: 0
Active unit and PDM warning replication message
17 years 9 months ago #19748
by zillah
Active unit and PDM warning replication message was created by zillah
I have got two PIXs, Primary and Secondary
Primary (192.168.100.1) is Standby
Secondary (192.168.100.2) is Active
When I try to access the PDM from primary (Standby) I could not, but I was able to access PDM for Secondary (Active)
Secondary’s PDM Tools --> Command Line Interface --> config terminal,,,,I received this error message
[code:1]
Result of firewall command: "config ter"
**** WARNING ***
Configuration Replication is NOT performed from Standby unit to Active unit.
Configurations are no longer synchronized.
[/code:1]
1- In the above message why it says Standby unit ?, while I have issued the command (config terminal ) within Active unit, not Standby unit
2- How can I find user privilege level from within PDM ?
Primary (192.168.100.1) is Standby
Secondary (192.168.100.2) is Active
When I try to access the PDM from primary (Standby) I could not, but I was able to access PDM for Secondary (Active)
Secondary’s PDM Tools --> Command Line Interface --> config terminal,,,,I received this error message
[code:1]
Result of firewall command: "config ter"
**** WARNING ***
Configuration Replication is NOT performed from Standby unit to Active unit.
Configurations are no longer synchronized.
[/code:1]
1- In the above message why it says Standby unit ?, while I have issued the command (config terminal ) within Active unit, not Standby unit
2- How can I find user privilege level from within PDM ?
17 years 9 months ago #19754
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: Active unit and PDM warning replication message
Sounds like the Pix's have failed over and now the Secondary Unit is talking the active role. In a Standby/Active config, you can only make configuration changes on the Active Pix, which then syncronises to the Standby Pix automatically (or if you type write standby which then forces the configs to sync).
You can manually fail the units back by typing from the command prompt on the Active Pix
[code:1]no failover active[/code:1]
This should then get the roles to the correct place.
Hope it helps ya
You can manually fail the units back by typing from the command prompt on the Active Pix
[code:1]no failover active[/code:1]
This should then get the roles to the correct place.
Hope it helps ya
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
17 years 9 months ago #19756
by zillah
Replied by zillah on topic Re: Active unit and PDM warning replication message
But I am doing the configuration on the Active PIX, though it is the Secondary one,,,,shouldn't secondary PIX be able to write configuration to the primary one , by using this command : write standby , since secondary is active in my situation ?In a Standby/Active config, you can only make configuration changes on the Active Pix,
2- How can I find user privilege level from within PDM ?
17 years 9 months ago #19758
by Smurf
Sorry, i was going off this statement.
I have no answer to the 2nd point as i don't use the PDM, its command line all the way for me so i cannot help any further.
Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: Active unit and PDM warning replication message
When I try to access the PDM from primary (Standby) I could not, but I was able to access PDM for Secondary (Active)
Sorry, i was going off this statement.
I have no answer to the 2nd point as i don't use the PDM, its command line all the way for me so i cannot help any further.
Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
17 years 9 months ago #19787
by d_jabsd
Replied by d_jabsd on topic Re: Active unit and PDM warning replication message
When the pixes failover, their IPs go with them, so if your 'secondary' is active, it will have the 'primary' ip address.
You never want to manage the devices with the standby IP address.
It doesn't matter which physical device is active, you always use the active IP address.
You never want to manage the devices with the standby IP address.
It doesn't matter which physical device is active, you always use the active IP address.
17 years 9 months ago #19789
by zillah
In my case Primary device ip address 192.168.100.1
Secondary device ip address 192.168.100.2
Now when the primary pix failed (moved to standby mode) that means the secondary became active with ip address 192.168.100.1
I hope I understood you
Regards
Replied by zillah on topic Re: Active unit and PDM warning replication message
That is fines.When the pixes failover, their IPs go with them, so if your 'secondary' is active, it will have the 'primary' ip address.
In my case Primary device ip address 192.168.100.1
Secondary device ip address 192.168.100.2
Now when the primary pix failed (moved to standby mode) that means the secondary became active with ip address 192.168.100.1
In my case I tried to manage the Secondary-Active device, not standby oneYou never want to manage the devices with the standby IP address.
This is what I did as well,I used the Active Device, not the standby one.It doesn't matter which physical device is active, you always use the active IP address.
I hope I understood you
Regards
Time to create page: 0.133 seconds