Hi,
Firewall 4.1, Nokia 440, IPSO 3.2.1-fcs1, running
VRRP on outside, inside, dmz interfaces.
Symptom: Regularly, the backup firewall's outside
interface changes its state to Master, even though Primary is
functioning fine, causing slowness in Internet access.
What I find from TCPDUMP is that the primary sends a
VRRP multicast message out every 1 second. What's odd is that every once
in a while, I see the Backup send out one VRRP message. This causes
significant delay in our Internet access.
On the firewall side, the VRRP config looks
identical to Nokia's document on how to set one up. I do have
policies to allow VRRP traffic.
All the interfaces go to a pair of Cisco 4000
switches with various VLANs. The first 2 ports of the switches are
configured with VLAN trunking.
Originally, the firewall's inside and dmz interfaces
were connected to the Cisco4000 switch, each with its own VLAN. The outside interfaces
of the firewall were originally connected to a Cisco2900, and we moved
them to the Cisco4000 switch with its own VLAN.
At first I thought it was the switch's VLAN trunking
config, but I doubt it is that. If it were the VLAN trunk issue, then I
would see the same behavior with the inside and dmz interfaces too...
Any thoughts?
Thanks,
Mike
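
One way to check a capture for the pattern described in the post above, as an added example that is not part of the original message: it flags each advertisement sent by a lower-priority router and compares the master's preceding silence with the VRRP Master_Down_Interval (3 x advertisement interval + (256 - priority)/256). The tcpdump line format, addresses, VRID and priorities are assumptions; the sample capture is constructed, and the older tcpdump shipped with IPSO may print VRRP differently.

```python
import re

# Constructed sample in the style of modern `tcpdump -tt -n` VRRP output;
# addresses, VRID and priorities are made up, not taken from the post.
CAPTURE = """\
1000.000000 IP 192.0.2.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 1s, length 20
1001.000000 IP 192.0.2.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 1s, length 20
1002.000000 IP 192.0.2.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 1s, length 20
1002.400000 IP 192.0.2.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 95, authtype none, intvl 1s, length 20
1003.000000 IP 192.0.2.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 1s, length 20
1004.000000 IP 192.0.2.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 1s, length 20
1007.700000 IP 192.0.2.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 95, authtype none, intvl 1s, length 20
1008.000000 IP 192.0.2.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 1s, length 20
"""

ADVERT = re.compile(
    r"^(\d+\.\d+) IP (\S+) > 224\.0\.0\.18: VRRPv2, Advertisement, "
    r"vrid (\d+), prio (\d+),.*?intvl (\d+)s")

def backup_adverts(capture):
    """Return (vrid, source, master_silence_seconds, kind) for every advert
    sent by a lower-priority router than the previous sender on that VRID."""
    last = {}    # vrid -> (timestamp, source, priority) of the latest advert
    events = []
    for line in capture.splitlines():
        m = ADVERT.match(line)
        if not m:
            continue
        ts, src = float(m[1]), m[2]
        vrid, prio, intvl = int(m[3]), int(m[4]), int(m[5])
        prev = last.get(vrid)
        if prev and src != prev[1] and prio < prev[2]:
            silence = ts - prev[0]
            # Time a backup of this priority waits without hearing the master.
            master_down = 3 * intvl + (256 - prio) / 256
            kind = ("master_silent" if silence >= master_down
                    else "master_still_advertising")
            events.append((vrid, src, round(silence, 3), kind))
        last[vrid] = (ts, src, prio)
    return events

if __name__ == "__main__":
    for event in backup_adverts(CAPTURE):
        print(event)
```

The result only describes what was visible at the capture point: `master_still_advertising` means the master's adverts were on the wire there when the backup spoke, while `master_silent` means none were seen for at least the backup's timeout.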