Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Multicast address

To: "'Tim Holman'" <[email protected]>, "Fw-1-Mailinglist (E-mail)" <[email protected]>
Subject: RE: [FW1] Multicast address
From: Francisco Cabral <[email protected]>
Date: Wed, 18 Apr 2001 09:42:04 +0200
Sender: [email protected]

That's all done initially.

I understand the need to monitor the FW interfaces but I would like that to
be log-silent.
Apparently, you managed to do it. 

When I look at the logs, I can see effectily that, through the LAN
interface, packets are coming out with the public IP of the FW. 
There's no NAT defined for the FW IPs.

Can anyone point me to an article explaining how multicast works so that I
can assess if this is a Nokia or a IP "feature"?

Francisco

-----Original Message-----
From: Tim Holman [mailto:[email protected]]
Sent: 17 April 2001 19:21
To: Francisco Cabral; Fw-1-Mailinglist (E-mail)
Subject: Re: [FW1] Multicast address


What do your anti-spoofing rules say ?
Setup the external interface to Others, the sync link to This Net, and the
internal interface to Others+, adding a group with all the public IP
addresses you're using for NAT.
Do this for both firewalls, as this info is not replicated.
If you're using 'Specific', then add the VRRP multicast object to the group,
but I've found the above formula works just as well.

Tim

----- Original Message -----
From: Francisco Cabral <[email protected]>
To: Fw-1-Mailinglist (E-mail) <[email protected]>
Sent: 11 April 2001 11:02
Subject: [FW1] Multicast address


>
> Hi,
>
> Each day, my FW logs get huge with the VRRP multicast address entries with
> the reason of "address spoofing". Could the reason be that all the FW
> interfaces go into a hub (for testing)? Is there a way of not logging
these
> packets? Thanks.
>
> Regards,
>
> Francisco Cabral
>
>
>
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>
>


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- Re: [FW1] Multicast address
  - From: "Tim Holman" <[email protected]>

Prev by Date: RE: [FW1] what's going on with the list?
Next by Date: [FW1] Ports for VPN Client
Previous by thread: Re: [FW1] Multicast address
Next by thread: Re: [FW1] Multicast address
Index(es):
- Date
- Thread