
Re: [FW-1] possible VRRP issue and TCP out of sync errors



Check the ARP cache on the DMZ server. Make sure the IP that it's
sending its traffic to is using the VRRP MAC and not the real one...



Scott Friedman
Security Engineer - NG CCSE
[email protected]
Advanced Network Solutions
1750 S. Telegraph Rd  Suite 100
Bloomfield Hills, MI 48302
www.advnetworks.com


-----Original Message-----
From: Lewis, Eric [mailto:[email protected]]
Sent: Thursday, August 28, 2003 12:54 PM
To: [email protected]
Subject: [FW-1] possible VRRP issue and TCP out of sync errors


I have two IP330s (FP4 w/AI) that have a single DMZ hanging off of them with
all interfaces VRRP'ed. I have a single server on the DMZ that keeps getting
out of sync errors due to outbound traffic being sent to one firewall while
inbound comes from the other firewall. This should not be occurring since
they are VRRP'ed. Everything else on the other internal interface passes
traffic back and forth just fine. If I fault everything over to the second
firewall it works fine. If I fault everything over to the first firewall the
server in the DMZ still won't send traffic out the firewall interface. It is
like the traffic from the DMZ will only go one way out although its default
route is the VRRP address. Any insights?

Eric S. Lewis, CCNA, MCSE, NSA IAM, CCSA, CISSP, CEH
Network Security Officer
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
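The ARP-cache check suggested in the reply, as an added example that is not part of the original thread: it parses `arp -an` (Unix) or `arp -a` (Windows) output from the DMZ server and reports whether the default-gateway entry resolves to a VRRP virtual MAC. It assumes the standard IPv4 VRRP virtual MAC format 00-00-5E-00-01-{VRID} from RFC 2338/RFC 3768; the addresses and ARP lines are constructed sample data.

```python
import re

# RFC 2338 / RFC 3768: the IPv4 VRRP virtual MAC is 00-00-5E-00-01-{VRID}.
VRRP_PREFIX = "00:00:5e:00:01:"

_IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
_MAC = r"([0-9A-Fa-f]{1,2}(?:[:-][0-9A-Fa-f]{1,2}){5})"
# Matches "? (10.0.0.1) at aa:bb:..." (Unix) and "10.0.0.1   aa-bb-..." (Windows).
_ENTRY = re.compile(_IP + r"\)?\s+(?:at\s+)?" + _MAC)

# Constructed sample: the gateway IP answers with a physical NIC address.
SAMPLE_ARP = """\
? (192.168.10.1) at 00:a0:8e:1c:2b:3d [ether] on eth0
? (192.168.10.9) at <incomplete> on eth0
"""


def normalize_mac(mac):
    """Lower-case, colon-separated, zero-padded (some systems print 0:0:5e:0:1:a)."""
    return ":".join(part.zfill(2) for part in re.split(r"[:-]", mac.lower()))


def parse_arp(text):
    """Return {ip: mac} for every resolved entry in the ARP listing."""
    table = {}
    for line in text.splitlines():
        m = _ENTRY.search(line)
        if m:  # unresolved "<incomplete>" entries and header lines do not match
            table[m.group(1)] = normalize_mac(m.group(2))
    return table


def check_gateway(arp_text, gateway_ip):
    """Classify the ARP entry for the server's default gateway.

    ("vrrp", vrid)  entry is the virtual MAC, traffic follows the VRRP master
    ("real", mac)   entry is a physical MAC, traffic is pinned to one firewall
    ("missing", None) no resolved entry for that IP
    """
    mac = parse_arp(arp_text).get(gateway_ip)
    if mac is None:
        return ("missing", None)
    if mac.startswith(VRRP_PREFIX):
        return ("vrrp", int(mac[-2:], 16))
    return ("real", mac)


if __name__ == "__main__":
    print(check_gateway(SAMPLE_ARP, "192.168.10.1"))
```

A `"real"` result matches the symptom in the original message: the server keeps sending to one firewall's own address regardless of which node is VRRP master.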




 