| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] Issues with VRRP IPSO 3.7 and NG AI
- To: [email protected]
- Subject: Re: [FW-1] Issues with VRRP IPSO 3.7 and NG AI
- From: Vijay <[email protected]>
- Date: Wed, 1 Oct 2003 17:29:28 -0700
- In-reply-to: <OF4E84A4D1.37E726C7-ON05256D9D.006730D9-05256D9D.00675CC3@etek.com.co>
- Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
well checkpoint considers 224.0.0.0 network as the
Internal Network.So please disable the antispoofing On
the VRRP Interface.
regards
VIjay
--- Javier Diaz <[email protected]> wrote:
> Well, i have 2 HA VRRP Nokias with AI, and we have
> to create a rule accept
> vrrp with the 224.0.0.0 net and the modules of the
> cluster. In the user
> guide of ipso 3.7 explain why. There are logs
> dropping because
> spoofing?????
>
> Rgds
>
>
> Javier Díaz Evans
> Project Engineer
> Etek International Holding Corp - Colombia
> ISO 9001 certified
> Tel: +57 - (1) - 622 - 7122
> Fax: +57 - (1) - 257 - 1520
> www.etek.com.co
>
>
>
>
> Mark Pays <[email protected]>
> Sent by: Mailing list for discussion of Firewall-1
> <[email protected]>
> 10/09/2003 11:21 a.m.
> Please respond to Mailing list for discussion of
> Firewall-1
>
> To:
> [email protected]
> cc:
> Subject: Re: [FW-1] Issues with VRRP
> IPSO 3.7 and NG AI
>
>
> thanks for the reply. We already have a rule to
> allow the traffic and can
> see it passing between the Nokias. It just wont
> work!!
>
> Does anyone actually have IPSO 3.7/NG AI/VRRP HA
> working? Be interested to
> hear if you do.........As I said we have an
> identical setup working just
> fine in IPSO 3.6/NG FP3.
>
> -----Original Message-----
> From: Hennessy, Robert
> [mailto:[email protected]]
> Sent: 10 September 2003 16:41
> To: [email protected]
> Subject: Re: [FW-1] Issues with VRRP IPSO 3.7 and NG
> AI
>
>
> Mark,
>
> I have only read the docs, no experience, but ipso
> 3.6 permits vrrp
> packets
> between nokia's without any rule. v.7 requires a
> rule to permit the
> packets
> for the backup to go into backup mode.
> For testing, maybe permit the vrrp interfaces to
> talk on any port and
> narrow
> the ports down if it works
>
> Rob
>
> -----Original Message-----
> From: Mark Pays [mailto:[email protected]]
> Sent: Wednesday, September 10, 2003 10:25 AM
> To: [email protected]
> Subject: [FW-1] Issues with VRRP IPSO 3.7 and NG AI
>
>
> Hi,
>
> We are trying to setup a VRRP HA pair using IPSO 3.7
> and NG AI on nokia.
> We
> can get the VRRP working on IPSO before Checkpoint
> is installed, but once
> we
> create a cluster object and install a policy the
> problems begin. We have
> used Nokia legacy vrrp configuration rather than the
> newer ISPO cluster
> option. Has anyone actaully got this VRRP HA
> working? We find in Smart
> View
> staus the first node is OK, but the second always
> shows problems under
> clusterXL and the node is shown as down.
> Unfortunately neither the
> Smartview
> or the logs suggest what the issue may be. We have
> exactly mirrored
> another
> working vrrp setup. The only difference is that this
> is on FP3 and is
> using
> IPSO 3.6. Does anyone have any experience of VRRP on
> IPSO 3.7 or NG AI,
> any
> suggestions would be useful......
>
> Thanks
>
> Mark
> ###########################################
>
> This message has been scanned by F-Secure Anti-Virus
> for Microsoft
> Exchange.
> For more information, connect to
> http://www.F-Secure.com/
>
>
>
----------------------------------------------------------------------------
> --
> The opinions expressed within this email represent
> those of the
> individual and not necessarily those of Gullivers
> Travel Associates (GTA).
>
> This email and any files transmitted with it are
> confidential and intended
> solely for the use of the individual or entity to
> whom they are addressed.
> If you have received this email in error please
> notify
> [email protected].
>
> Should you wish to use email as a form of
> communication, GTA are unable to
> guarantee the security of email content outside of
> our own computer
> systems.
>
>
>
>
________________________________________________________________________
> This email has been scanned for all viruses by the
> MessageLabs Email
> Security System. For more information on a proactive
> email security
> service working around the clock, around the globe,
> visit
> http://www.messagelabs.com
>
________________________________________________________________________
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
>
> <font face="Times New Roman" size="3">
>
<p>-------------------------------------------------------------------------
> -----</p>
> <p> This e-mail may be privileged and/or
> confidential, and the sender does
> not waive any related rights and obligations. Any
> distribution, use or
> copying of this e-mail or the information it
> contains by other than an
> intended recipient is unauthorized. If you received
> this e-mail in error,
> please advise me (by return e-mail or otherwise)
> immediately.</p>
> <p> Ce courriel est confidentiel et protégé.
> L'expéditeur ne renonce pas
> aux
> droits et obligations qui s'y rapportent. Toute
> diffusion, utilisation ou
> copie de ce message ou des renseignements qu'il
> contient par une personne
> autre que le (les) destinataire(s) désigné(s) est
> interdite. Si vous
> recevez
> ce courriel par erreur, veuillez m'en aviser
> immédiatement, par retour de
> courriel ou par un autre moyen.</p>
>
<p>====================================================</p>
> </font>
>
>
>
=== message truncated ===
__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
|
|
