|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] gfb: FW1 drops VRRP packets with Monitored Circuits
Hi there, I'm running two Nokia IP650 FW1 4.1 SP3s, talking to a remote management station. After setting up VRRP with MC with Voyager and proving it works, I set up FW1 Sp3 on the Nokias, connected to a remote FW1 Management Module. * Except for the firewalls' sync interfaces, I added the vrrp.mcast.net (224.0.0.18) object to the Others+ option on the remaining fw interfaces. * I created the vrrp protocol (ip_p=0x70) * I created a rule high up before the stealth rule: source destination protocol action firewalls vrrp.mcast.net vrrp accept As a result: 1) Half of the vrrp.mcast.net destined packets from source primary fw are being accepted, the other half dropped. 2) All of the vrrp.mcast.net destined packets from source secondary fw are being dropped when I down one of the primary FWs interfaces. 3) I set up a consistent ping from an internal host to the internal default gateway (a VRRP MC backup address), this is permitted by a FW1 rule I've configured. When vrrp MC picks up one of the primary fw's interfaces are down, vrrp.mcast.net destined packets from source secondary fw are dropped, as well as icmp echo replies from the internal host. Any ideas? Kind Regards, Gabriel _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. ================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
