[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Issues with VRRP IPSO 3.7 and NG AI
Javier, Try this, edit the topology of each firewall object and create new interfaces and define them as per your VRRP backup address and define their topology E.g If Eth-s1p1c0 = 10.1.1.1/24 and has anti-spoofing like "network defined by this interface" --- then create a new interface e.g Eth-s1p1c0-vrrp = 10.1.1.254/24 and define its anti-spoofing like what it needs to be. Just check in your logs, is the anti-spoofing dropped with a source of one of the firewalls vrrp addresses? And then you have your rule as follows SRC DST SERVICE ACTION Firewall Modules host-224.0.0.18 vrrp accept -----Original Message----- From: Javier Diaz [mailto:[email protected]] Sent: Thursday, 11 September 2003 4:49 AM To: [email protected] Subject: Re: [FW-1] Issues with VRRP IPSO 3.7 and NG AI Well, i have 2 HA VRRP Nokias with AI, and we have to create a rule accept vrrp with the 224.0.0.0 net and the modules of the cluster. In the user guide of ipso 3.7 explain why. There are logs dropping because spoofing????? Rgds Javier Díaz Evans Project Engineer Etek International Holding Corp - Colombia ISO 9001 certified Tel: +57 - (1) - 622 - 7122 Fax: +57 - (1) - 257 - 1520 www.etek.com.co Mark Pays <[email protected]> Sent by: Mailing list for discussion of Firewall-1 <[email protected]> 10/09/2003 11:21 a.m. Please respond to Mailing list for discussion of Firewall-1 To: [email protected] cc: Subject: Re: [FW-1] Issues with VRRP IPSO 3.7 and NG AI thanks for the reply. We already have a rule to allow the traffic and can see it passing between the Nokias. It just wont work!! Does anyone actually have IPSO 3.7/NG AI/VRRP HA working? Be interested to hear if you do.........As I said we have an identical setup working just fine in IPSO 3.6/NG FP3. -----Original Message----- From: Hennessy, Robert [mailto:[email protected]] Sent: 10 September 2003 16:41 To: [email protected] Subject: Re: [FW-1] Issues with VRRP IPSO 3.7 and NG AI Mark, I have only read the docs, no experience, but ipso 3.6 permits vrrp packets between nokia's without any rule. v.7 requires a rule to permit the packets for the backup to go into backup mode. For testing, maybe permit the vrrp interfaces to talk on any port and narrow the ports down if it works Rob -----Original Message----- From: Mark Pays [mailto:[email protected]] Sent: Wednesday, September 10, 2003 10:25 AM To: [email protected] Subject: [FW-1] Issues with VRRP IPSO 3.7 and NG AI Hi, We are trying to setup a VRRP HA pair using IPSO 3.7 and NG AI on nokia. We can get the VRRP working on IPSO before Checkpoint is installed, but once we create a cluster object and install a policy the problems begin. We have used Nokia legacy vrrp configuration rather than the newer ISPO cluster option. Has anyone actaully got this VRRP HA working? We find in Smart View staus the first node is OK, but the second always shows problems under clusterXL and the node is shown as down. Unfortunately neither the Smartview or the logs suggest what the issue may be. We have exactly mirrored another working vrrp setup. The only difference is that this is on FP3 and is using IPSO 3.6. Does anyone have any experience of VRRP on IPSO 3.7 or NG AI, any suggestions would be useful...... Thanks Mark ########################################### This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange. For more information, connect to http://www.F-Secure.com/ ---------------------------------------------------------------------------- -- The opinions expressed within this email represent those of the individual and not necessarily those of Gullivers Travel Associates (GTA). This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify [email protected]. Should you wish to use email as a form of communication, GTA are unable to guarantee the security of email content outside of our own computer systems. ________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________ ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= <font face="Times New Roman" size="3"> <p>------------------------------------------------------------------------- -----</p> <p> This e-mail may be privileged and/or confidential, and the sender does not waive any related rights and obligations. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. If you received this e-mail in error, please advise me (by return e-mail or otherwise) immediately.</p> <p> Ce courriel est confidentiel et protégé. L'expéditeur ne renonce pas aux droits et obligations qui s'y rapportent. Toute diffusion, utilisation ou copie de ce message ou des renseignements qu'il contient par une personne autre que le (les) destinataire(s) désigné(s) est interdite. Si vous recevez ce courriel par erreur, veuillez m'en aviser immédiatement, par retour de courriel ou par un autre moyen.</p> <p>====================================================</p> </font> ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ########################################### This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange. For more information, connect to http://www.F-Secure.com/ ________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________ ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|