Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] VRRP broadcast pollution

To: [email protected]
Subject: Re: [FW-1] VRRP broadcast pollution
From: Scott Friedman <[email protected]>
Date: Wed, 9 Jul 2003 10:31:32 -0400
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Every interface that is configured as a VRRP Virtual Router will
Send the VRRP packets out that interface... It's how the other interfaces
On the same network know that the Master is up.

The only way to filter those would be to put a Firewall or Router between
The VRRP Cluster and your workstations..

Scott Friedman
Security Engineer - NG CCSE
[email protected]
Advanced Network Solutions
1750 S. Telegraph Rd  Suite 100
Bloomfield Hills, MI 48302www.advnetworks.com


-----Original Message-----
From: Ralf Guenthner [mailto:[email protected]]
Sent: Wednesday, July 09, 2003 9:59 AM
To: [email protected]
Subject: Re: [FW-1] VRRP broadcast pollution


----- Original Message -----
From: "Reinhard Stich" <[email protected]>
To: <[email protected]>
Sent: Wednesday, July 09, 2003 2:44 PM
Subject: Re: [FW-1] VRRP broadcast pollution


> you need this VRRP-traffic on every interface where you have a
> cluster-IP-address configured (on the external, on the internal, in
> the
DMZ
> and so on).
>
> the dedicated link (I guess) is for fw1-state-synchronisation, this is
> important too but has nothing to do with vrrp. only vrrp and
fw1-state-sync
> together are a good HA-solution.
>
> cheers
> reinhard

Reinhard,

so the only choice I have is to block those packets at the entry-point
(router) to our LAN, correct? I don't know about you, but I always strive to
reduce network traffic whenever possible. These packets are only needed by
the firewalls, but they travel around the whole network. I don't like that
<s>

Thanks for your answer.

Cheers
Ralf

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] VRRP broadcast pollution
Next by Date: [FW-1] E-Safe Gateway
Previous by thread: Re: [FW-1] VRRP broadcast pollution
Next by thread: [FW-1] AW: [FW-1] VRRP broadcast pollution
Index(es):
- Date
- Thread