Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Multicast address

To: "'Tim Holman'" <[email protected]>, "Fw-1-Mailinglist (E-mail)" <[email protected]>
Subject: RE: [FW1] Multicast address
From: Francisco Cabral <[email protected]>
Date: Wed, 18 Apr 2001 14:24:36 +0200
Sender: [email protected]

I think I found the problem. Take a look at Nokia Resolution id 3463 on
their knowledge base, specifically at point 2.

But now the problem is : how can you add multiple IPs on different networks
to the same interface? Tried through Voyager but only to get an error that
the network was already defined on another interface.

How's your setup? Do u use different VLANS for each interface?

Francisco

-----Original Message-----
From: Tim Holman [mailto:[email protected]]
Sent: 18 April 2001 14:12
To: Francisco Cabral; Fw-1-Mailinglist (E-mail)
Subject: Re: [FW1] Multicast address


When you created the VRRP Multicast network object, did you use 224.0.0.18
and 255.255.255.255 ?
Have you setup an IGMP and VRRP rule ?
Set one up with the source as 'firewall-1 + firewall 2', the destination as
'firewall-1 + firewall 2', service VRRP (manually define this service with
Match.. ip_p=112) AND IGMP, Accept, Log (although you'll probably want to
skip the logs after a while).
Check in your mc configuration that you're monitoring eth2 from the circuit
for eth1, and eth1 for the circuit for eth2.
Something's not quite right as you shouldn't get these errors.

Tim


----- Original Message -----
From: Francisco Cabral <[email protected]>
To: 'Tim Holman' <[email protected]>; Fw-1-Mailinglist (E-mail)
<[email protected]>
Sent: 18 April 2001 12:15
Subject: RE: [FW1] Multicast address


> The HA is setup to monitor all the FW interfaces except the Heartbeat link
> using monitored circuits.
> The funny thing is that I'm getting drops, when I look at the logs, from :
>
> Origin Source Destination
> Services
>
> Public IP FW Master Any of the FW interfaces 224.0.0.18
> 38401
>
> but from the slave I'm getting accepts:
>
> Origin Source Destination
> Services
>
> Public IP FW Slave Any of the FW interfaces 224.0.0.18
> 38401
>
>
> -----Original Message-----
> From: Tim Holman [mailto:[email protected]]
> Sent: 18 April 2001 11:26
> To: Francisco Cabral; Fw-1-Mailinglist (E-mail)
> Subject: Re: [FW1] Multicast address
>
>
> If there's no NAT in place, then public addresses should never make it to
> your LAN.
> Have you allowed IGMP and VRRP (create the service manually) between the
> firewalls ?
> Have you setup monitored circuits with the Nokias ?
> Could you post up a sample log message ?
>
> Cheers,
>
> Tim
>
>
>
>
> ----- Original Message -----
> From: Francisco Cabral <[email protected]>
> To: 'Tim Holman' <[email protected]>; Fw-1-Mailinglist (E-mail)
> <[email protected]>
> Sent: 18 April 2001 08:42
> Subject: RE: [FW1] Multicast address
>
>
> > That's all done initially.
> >
> > I understand the need to monitor the FW interfaces but I would like that
> to
> > be log-silent.
> > Apparently, you managed to do it.
> >
> > When I look at the logs, I can see effectily that, through the LAN
> > interface, packets are coming out with the public IP of the FW.
> > There's no NAT defined for the FW IPs.
> >
> > Can anyone point me to an article explaining how multicast works so that
I
> > can assess if this is a Nokia or a IP "feature"?
> >
> > Francisco
> >
> > -----Original Message-----
> > From: Tim Holman [mailto:[email protected]]
> > Sent: 17 April 2001 19:21
> > To: Francisco Cabral; Fw-1-Mailinglist (E-mail)
> > Subject: Re: [FW1] Multicast address
> >
> >
> > What do your anti-spoofing rules say ?
> > Setup the external interface to Others, the sync link to This Net, and
the
> > internal interface to Others+, adding a group with all the public IP
> > addresses you're using for NAT.
> > Do this for both firewalls, as this info is not replicated.
> > If you're using 'Specific', then add the VRRP multicast object to the
> group,
> > but I've found the above formula works just as well.
> >
> > Tim
> >
> > ----- Original Message -----
> > From: Francisco Cabral <[email protected]>
> > To: Fw-1-Mailinglist (E-mail)
> <[email protected]>
> > Sent: 11 April 2001 11:02
> > Subject: [FW1] Multicast address
> >
> >
> > >
> > > Hi,
> > >
> > > Each day, my FW logs get huge with the VRRP multicast address entries
> with
> > > the reason of "address spoofing". Could the reason be that all the FW
> > > interfaces go into a hub (for testing)? Is there a way of not logging
> > these
> > > packets? Thanks.
> > >
> > > Regards,
> > >
> > > Francisco Cabral
> > >
> > >
> > >
> > >
> > >
> >
>
============================================================================
> > ====
> > >      To unsubscribe from this mailing list, please see the
instructions
> at
> > >                http://www.checkpoint.com/services/mailing.html
> > >
> >
>
============================================================================
> > ====
> > >
> > >
> >
>


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- Re: [FW1] Multicast address
  - From: "Tim Holman" <[email protected]>

Prev by Date: [FW1] Firewall-1, two ext. NIC's and T-1 migration...
Next by Date: Re: [FW1] configure fw
Previous by thread: Re: [FW1] Multicast address
Next by thread: Re: [FW1] Multicast address
Index(es):
- Date
- Thread