RE: [FW1] Multicast address



The HA is set up to monitor all the FW interfaces except the Heartbeat link
using monitored circuits.
The funny thing is that I'm getting drops, when I look at the logs, from:

Origin                  Source                      Destination   Services

Public IP FW Master     Any of the FW interfaces    224.0.0.18    38401

but from the slave I'm getting accepts:

Origin                  Source                      Destination   Services

Public IP FW Slave      Any of the FW interfaces    224.0.0.18    38401


-----Original Message-----
From: Tim Holman [mailto:[email protected]]
Sent: 18 April 2001 11:26
To: Francisco Cabral; Fw-1-Mailinglist (E-mail)
Subject: Re: [FW1] Multicast address


If there's no NAT in place, then public addresses should never make it to
your LAN.
Have you allowed IGMP and VRRP (create the service manually) between the
firewalls?
Have you set up monitored circuits with the Nokias?
Could you post up a sample log message?

Cheers,

Tim




----- Original Message -----
From: Francisco Cabral <[email protected]>
To: 'Tim Holman' <[email protected]>; Fw-1-Mailinglist (E-mail)
<[email protected]>
Sent: 18 April 2001 08:42
Subject: RE: [FW1] Multicast address


> That's all done initially.
>
> I understand the need to monitor the FW interfaces but I would like that
> to be log-silent.
> Apparently, you managed to do it.
>
> When I look at the logs, I can see effectively that, through the LAN
> interface, packets are coming out with the public IP of the FW.
> There's no NAT defined for the FW IPs.
>
> Can anyone point me to an article explaining how multicast works so that I
> can assess if this is a Nokia or an IP "feature"?
>
> Francisco
>
> -----Original Message-----
> From: Tim Holman [mailto:[email protected]]
> Sent: 17 April 2001 19:21
> To: Francisco Cabral; Fw-1-Mailinglist (E-mail)
> Subject: Re: [FW1] Multicast address
>
>
> What do your anti-spoofing rules say?
> Set up the external interface to Others, the sync link to This Net, and the
> internal interface to Others+, adding a group with all the public IP
> addresses you're using for NAT.
> Do this for both firewalls, as this info is not replicated.
> If you're using 'Specific', then add the VRRP multicast object to the
> group, but I've found the above formula works just as well.
>
> Tim
>
> ----- Original Message -----
> From: Francisco Cabral <[email protected]>
> To: Fw-1-Mailinglist (E-mail) <[email protected]>
> Sent: 11 April 2001 11:02
> Subject: [FW1] Multicast address
>
>
> >
> > Hi,
> >
> > Each day, my FW logs get huge with the VRRP multicast address entries
> > with the reason of "address spoofing". Could the reason be that all the
> > FW interfaces go into a hub (for testing)? Is there a way of not logging
> > these packets? Thanks.
> >
> > Regards,
> >
> > Francisco Cabral
> >


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
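The thread turns on one triage question: which anti-spoofing drops to 224.0.0.18 are the cluster's own VRRP advertisements (a configuration gap on that interface, per Tim's Others+ group advice) and which come from an address that is not a cluster member (the case anti-spoofing exists to catch). The script below is an added example, not code from the thread, Check Point or Nokia. It assumes a constructed, simplified tab-separated log layout (origin, interface, source, destination, service, action, reason) rather than the real FireWall-1 export format, uses documentation-range interface addresses as a constructed cluster inventory, and takes the "38401" service identifier from the log excerpts in the thread.

```python
"""Triage of anti-spoofing drops caused by VRRP multicast (224.0.0.18).

Added example, not code from the thread or from Check Point/Nokia. The log
lines are constructed and use a simplified tab-separated layout; the real
FireWall-1 export format differs. Interface addresses are documentation
ranges chosen for the example.
"""
import ipaddress
from collections import Counter

VRRP_GROUP = ipaddress.ip_address("224.0.0.18")  # all-VRRP-routers multicast group
VRRP_SERVICE = "38401"  # service identifier as shown in the thread's log excerpts

# Constructed inventory: every interface address of each cluster member.
CLUSTER_MEMBERS = {
    "fw-master": {"192.0.2.1", "198.51.100.1", "203.0.113.1"},
    "fw-slave": {"192.0.2.2", "198.51.100.2", "203.0.113.2"},
}
KNOWN_MEMBER_ADDRESSES = set().union(*CLUSTER_MEMBERS.values())

# Constructed sample log: origin, interface, src, dst, service, action, reason.
SAMPLE_LOG = """\
fw-master\tlan0\t203.0.113.1\t224.0.0.18\t38401\tdrop\taddress spoofing
fw-master\tlan0\t203.0.113.1\t224.0.0.18\t38401\tdrop\taddress spoofing
fw-slave\tlan0\t203.0.113.2\t224.0.0.18\t38401\taccept\t-
fw-master\text0\t192.0.2.77\t224.0.0.18\t38401\tdrop\taddress spoofing
fw-master\text0\t192.0.2.77\t192.0.2.1\t22\tdrop\trule 0
"""


def parse_line(line):
    """Split one tab-separated entry into a dict; returns None for malformed lines."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) != 7:
        return None
    keys = ("origin", "interface", "src", "dst", "service", "action", "reason")
    return dict(zip(keys, fields))


def classify(entry):
    """Label an entry.

    'vrrp-expected'   : VRRP advertisement from a known cluster member address
    'vrrp-unexpected' : VRRP advertisement from an address that is not a member
    'other'           : not VRRP traffic at all
    """
    try:
        dst = ipaddress.ip_address(entry["dst"])
    except ValueError:
        return "other"
    if dst != VRRP_GROUP or entry["service"] != VRRP_SERVICE:
        return "other"
    if entry["src"] in KNOWN_MEMBER_ADDRESSES:
        return "vrrp-expected"
    return "vrrp-unexpected"


def triage(log_text):
    """Return (counts, findings).

    counts   : Counter keyed by (label, action)
    findings : one human-readable string per distinct (label, origin, interface, src)
    """
    counts = Counter()
    findings = []
    seen = set()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        label = classify(entry)
        counts[(label, entry["action"])] += 1
        key = (label, entry["origin"], entry["interface"], entry["src"])
        if key in seen:
            continue
        seen.add(key)
        if label == "vrrp-expected" and entry["action"] == "drop" and "spoof" in entry["reason"]:
            # The cluster's own heartbeat is rejected: the anti-spoofing definition
            # on this interface does not include that member address.
            findings.append(
                f"{entry['origin']}: anti-spoofing on {entry['interface']} drops VRRP "
                f"from member address {entry['src']}; add it to the interface's allowed "
                f"group (or disable logging for it) rather than ignoring the entries"
            )
        elif label == "vrrp-unexpected":
            # Something other than a cluster member is sending VRRP: keep this alert.
            findings.append(
                f"{entry['origin']}: VRRP advertisement from non-member {entry['src']} "
                f"on {entry['interface']} ({entry['action']}); investigate, do not suppress"
            )
    return counts, findings


if __name__ == "__main__":
    counts, findings = triage(SAMPLE_LOG)
    for (label, action), n in sorted(counts.items()):
        print(f"{label:16s} {action:7s} {n}")
    for finding in findings:
        print("-", finding)
```

The split matters for the log-silencing Francisco asks about: dropping the log on the member's own heartbeat is reasonable once the interface's allowed-address group is correct, but a blanket "don't log 224.0.0.18" would also hide an outside host sending VRRP, which the second finding keeps visible.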