[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Issues with VRRP IPSO 3.7 and NG AI
well checkpoint considers 224.0.0.0 network as the Internal Network.So please disable the antispoofing On the VRRP Interface. regards VIjay --- Javier Diaz <[email protected]> wrote: > Well, i have 2 HA VRRP Nokias with AI, and we have > to create a rule accept > vrrp with the 224.0.0.0 net and the modules of the > cluster. In the user > guide of ipso 3.7 explain why. There are logs > dropping because > spoofing????? > > Rgds > > > Javier Díaz Evans > Project Engineer > Etek International Holding Corp - Colombia > ISO 9001 certified > Tel: +57 - (1) - 622 - 7122 > Fax: +57 - (1) - 257 - 1520 > www.etek.com.co > > > > > Mark Pays <[email protected]> > Sent by: Mailing list for discussion of Firewall-1 > <[email protected]> > 10/09/2003 11:21 a.m. > Please respond to Mailing list for discussion of > Firewall-1 > > To: > [email protected] > cc: > Subject: Re: [FW-1] Issues with VRRP > IPSO 3.7 and NG AI > > > thanks for the reply. We already have a rule to > allow the traffic and can > see it passing between the Nokias. It just wont > work!! > > Does anyone actually have IPSO 3.7/NG AI/VRRP HA > working? Be interested to > hear if you do.........As I said we have an > identical setup working just > fine in IPSO 3.6/NG FP3. > > -----Original Message----- > From: Hennessy, Robert > [mailto:[email protected]] > Sent: 10 September 2003 16:41 > To: [email protected] > Subject: Re: [FW-1] Issues with VRRP IPSO 3.7 and NG > AI > > > Mark, > > I have only read the docs, no experience, but ipso > 3.6 permits vrrp > packets > between nokia's without any rule. v.7 requires a > rule to permit the > packets > for the backup to go into backup mode. > For testing, maybe permit the vrrp interfaces to > talk on any port and > narrow > the ports down if it works > > Rob > > -----Original Message----- > From: Mark Pays [mailto:[email protected]] > Sent: Wednesday, September 10, 2003 10:25 AM > To: [email protected] > Subject: [FW-1] Issues with VRRP IPSO 3.7 and NG AI > > > Hi, > > We are trying to setup a VRRP HA pair using IPSO 3.7 > and NG AI on nokia. > We > can get the VRRP working on IPSO before Checkpoint > is installed, but once > we > create a cluster object and install a policy the > problems begin. We have > used Nokia legacy vrrp configuration rather than the > newer ISPO cluster > option. Has anyone actaully got this VRRP HA > working? We find in Smart > View > staus the first node is OK, but the second always > shows problems under > clusterXL and the node is shown as down. > Unfortunately neither the > Smartview > or the logs suggest what the issue may be. We have > exactly mirrored > another > working vrrp setup. The only difference is that this > is on FP3 and is > using > IPSO 3.6. Does anyone have any experience of VRRP on > IPSO 3.7 or NG AI, > any > suggestions would be useful...... > > Thanks > > Mark > ########################################### > > This message has been scanned by F-Secure Anti-Virus > for Microsoft > Exchange. > For more information, connect to > http://www.F-Secure.com/ > > > ---------------------------------------------------------------------------- > -- > The opinions expressed within this email represent > those of the > individual and not necessarily those of Gullivers > Travel Associates (GTA). > > This email and any files transmitted with it are > confidential and intended > solely for the use of the individual or entity to > whom they are addressed. > If you have received this email in error please > notify > [email protected]. > > Should you wish to use email as a form of > communication, GTA are unable to > guarantee the security of email content outside of > our own computer > systems. > > > > ________________________________________________________________________ > This email has been scanned for all viruses by the > MessageLabs Email > Security System. For more information on a proactive > email security > service working around the clock, around the globe, > visit > http://www.messagelabs.com > ________________________________________________________________________ > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > > > <font face="Times New Roman" size="3"> > <p>------------------------------------------------------------------------- > -----</p> > <p> This e-mail may be privileged and/or > confidential, and the sender does > not waive any related rights and obligations. Any > distribution, use or > copying of this e-mail or the information it > contains by other than an > intended recipient is unauthorized. If you received > this e-mail in error, > please advise me (by return e-mail or otherwise) > immediately.</p> > <p> Ce courriel est confidentiel et protégé. > L'expéditeur ne renonce pas > aux > droits et obligations qui s'y rapportent. Toute > diffusion, utilisation ou > copie de ce message ou des renseignements qu'il > contient par une personne > autre que le (les) destinataire(s) désigné(s) est > interdite. Si vous > recevez > ce courriel par erreur, veuillez m'en aviser > immédiatement, par retour de > courriel ou par un autre moyen.</p> > <p>====================================================</p> > </font> > > > === message truncated === __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|