
Re: [FW-1] VRRP broadcast pollution



> you need this VRRP-traffic on every interface where you have a
> cluster-IP-address configured (on the external, on the internal, in the
> DMZ and so on).
>
> the dedicated link (I guess) is for fw1-state-synchronisation, this is
> important too but has nothing to do with vrrp. only vrrp and
> fw1-state-sync together are a good HA-solution.
>
Reinhard,

so the only choice I have is to block those packets at the entry-point
(router) to our LAN, correct? I don't know about you, but I always strive
to reduce network traffic whenever possible. These packets are only needed
by the firewalls, but they travel around the whole network. I don't like
that <s>

you're right, both nokias need to see these packets but you can filter them on any router or switch (broadcast-domain) and prevent your network from being "flooded" with vrrp-hellos.

cheers
reinhard


-- Reinhard Stich, ASSIST [email protected] Internet Security AG, 1190 Wien, Nussdorfer Laende 29-33 Tel: +43 1 370 94 40 RS784-RIPE Fax: +43 1 370 94 40-10
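
The filtering idea from the reply above, sketched as an added example that is not part of the original thread: a per-port egress decision that lets VRRP hellos reach only the ports where a cluster member is attached. It assumes a hello is an IPv4 packet with protocol 112 sent to 224.0.0.18 (RFC 3768); the port names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

VRRP_PROTO = 112           # IP protocol number assigned to VRRP
VRRP_GROUP = "224.0.0.18"  # multicast group VRRP advertisements are sent to

def ipv4_fields(packet: bytes):
    """Return (ttl, proto, dst, payload), or None if this is not a usable IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return None
    return packet[8], packet[9], socket.inet_ntoa(packet[16:20]), packet[ihl:]

def is_vrrp_hello(packet: bytes) -> bool:
    """True for a VRRP advertisement: proto 112 to 224.0.0.18 with type nibble 1."""
    fields = ipv4_fields(packet)
    if fields is None:
        return False
    _ttl, proto, dst, payload = fields
    return (proto == VRRP_PROTO and dst == VRRP_GROUP
            and len(payload) >= 8 and payload[0] & 0x0F == 1)

def egress_action(packet: bytes, port: str, firewall_ports: set) -> str:
    """Forward VRRP hellos only to ports where a cluster member is attached."""
    if is_vrrp_hello(packet) and port not in firewall_ports:
        return "drop"
    return "forward"

def sample_packet(proto: int, dst: str, payload: bytes) -> bytes:
    """Constructed IPv4 packet for the demo (header checksum left at 0, not validated)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 255,
                         proto, 0, socket.inet_aton("192.0.2.2"), socket.inet_aton(dst))
    return header + payload

# Constructed VRRPv2 advertisement: version 2/type 1, VRID 1, priority 100, one address
HELLO = sample_packet(VRRP_PROTO, VRRP_GROUP,
                      bytes([0x21, 1, 100, 1, 0, 1, 0, 0])
                      + socket.inet_aton("192.0.2.1") + bytes(8))
OTHER = sample_packet(17, "192.0.2.50", bytes(8))   # constructed unrelated UDP packet
FIREWALL_PORTS = {"port1", "port2"}                 # hypothetical: the two cluster members

if __name__ == "__main__":
    for port in ("port1", "port2", "port7"):
        print(port, egress_action(HELLO, port, FIREWALL_PORTS),
              egress_action(OTHER, port, FIREWALL_PORTS))
```
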
