[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] stopping vrrp broadcasts
Actually, the vrrp broadcasts are necessary on all interfaces that have a VRRP address. You'll notice that if you eliminate all VRRP addresses from a segment, then the broadcasts will go away. That's how VRRP works. The only thing that should go across the sync interface is the firewall state connections. -Mike "Declan McKibben" <[email protected]> on 09/21/2000 08:20:19 AM Please respond to [email protected] To: [email protected] cc: (bcc: Mike Semaniuk/Triumph) Subject: [FW1] stopping vrrp broadcasts On the nokia platform in HA mode I noticed that the lan is filled with vrrp broadcasts: vrrp.mcast.net ip proto-112 20. I know that this multicast needs to only be heard along the sync interface and not the lan in general. I have a rule that allows the firewall to "vrrp" the vrrp.mcast.net host object for service defined as ip_p=0X70. The logs show the source address as the internal interface of the primary nokia router - should I add a route on the nokias putting packets destined for 224.0.0.18 out the sync interface? regards Declan McKibben Dublin Ireland +353-87-2243170 +353-1-8366160 mailto:[email protected] _____________________________________ Get your free E-mail at http://www.ireland.com =========================================================================== ===== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html =========================================================================== ===== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|