The Security Appliance can sense a power loss of the peer unit and quickly
differentiate a power loss from an unplugged cable. The main drawback in this type is the distance limitation (the units cannot separated by more than six feet). The cable that connects the two units is a six-foot modified RS-232 serial cable that transfers
data at 117,760 bps (115 Kbps). One end of the cable is labeled "Primary" and is attached to the primary unit, whereas the end is labeled "Secondary" and is attached to the secondary unit. Figure 6-20 shows a configuration example.
Figure 6-20. Serial Cable-Based Failover (Active/Standby)
[View full size image]
LAN-Based Failover Link
Unlike the serial-cable failover implementation, the advantage of using LAN-based failover is the physical distance of the units,
which can be more than six feet, and the faster configuration replication. The downside is slower convergence; the Security
Appliance cannot immediately detect the loss of power of a peer, hence the firewall takes longer to failover in this case.
To replace the serial cable from the previous method, the LAN-based failover link uses the Ethernet interface on the appliance failover link. This interface can also be used for normal network operation and can be optionally used for the state link.
Pages:
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326