|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Nokia IPSO cluster - secondary answering arp requests
The proxy ARP on both firewalls should be set up with the VRRP MAC address, not the interface MAC. That way, both might respond, but traffic goes to the VRRP MAC, which is handled by the master. Did you set your proxy ARPs up with VRRP MAC or the physical interface MAC? Shawn > -----Original Message----- > From: <Aaron Reynolds> [mailto:[email protected]] > Sent: Wednesday, February 19, 2003 5:11 PM > To: [email protected] > Subject: [FW-1] Nokia IPSO cluster - secondary answering arp requests > > > I have two Noka IP650s running IPSO 3.5 FCS8 / 4.1 SP6. I > just removed a > hub that was sandwiched between the cluster and the upstream > router. Since > doing that, I have noticed that the secondary is responding > to arp requests > for some of the virtual IPs. For instance we have a > proxy-arp entry on both > firewalls for the static address of our mail server. About 3 > times, since > pulling out the hub, the secondary has responded for the arp > request for our > mail server public address. At that point mail traffic > stops, because the > upstream router is sending all traffic to the secondary > firewall port, which > ignores all traffic. Anybody have any idea about this? > Thanks for any > help. > > -Aaron > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > > > > Please note that: 1. This e-mail may constitute privileged information. If you are not the intended recipient, you have received this confidential email and any attachments transmitted with it in error and you must not disclose, copy, circulate or in any other way use or rely on this information. 2. E-mails to and from the company are monitored for operational reasons and in accordance with lawful business practices. 3. The contents of this email are those of the individual and do not necessarily represent the views of the company. 4. The company does not conclude contracts by email and all negotiations are subject to contract. 5. The company accepts no responsibility once an e-mail and any attachments is sent. http://www.activis.com This annotation was added by the e-scan service. http://www.activis.com ---------------------------------------------------------------------------------- This message has been checked for all known viruses by e:)scan. For further information please contact [email protected] ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
