    Is failover always active-active?


      From IPS Administration Guide v7.5 rev c



      "In Network Security Platform, because both failover Sensors must be ready to process packets on their monitoring ports at all times, both Sensors are actually active at all times; neither Sensor is inoperative, or 'standing by' unless the unit has failed. Instead, both Sensors operate normally."



      "Once configured, the two Sensors exchange information to determine their respective roles; the Sensor that has been online the longest becomes the active Sensor. If they have been online for exactly the same amount of time, the Sensor with the higher serial number takes the active role."


      The latter statement would seem to imply that the one that has been on line shortest, or the one with the lower serial number, is not active, while the former statement advises that the sensors are always active-active...  Which is it?

          ..should the wording on p45 refer to 'primary' instead of active?  ie, the sensor that has been online the longest (or has the highest serial number, becomes the *primary*, and not the *active*.

            From M-3050/M-4050 Sensor Product Guide (Revision A):

            "If you choose to run in failover mode, port 2A is used to interconnect with a standby Sensor."


            Is this a terminology thing that needs to be sorted in the McAfee documentation?  If sensors are indeed active-active, then I think we really should be looking at use of either 'primary' and 'secondary' or 'template' and backup' - something like that, surely?  It is things like this that cause confusion, and dont really help the end user experience to be a pleasant one!