I may be wrong about this, but the way I understand it there is supposed
to be the capability for a system to announce its IP address without
waiting for a box to send an ARP request. The term I was told is a
gratuitous ARP broadcast. Basically it boils down to the TCP/IP stack
listening for all ARP broadcasts and updating its ARP table whenever it
hears one. This mostly comes into play if you change a card in a machine
or implement some sort of High-Availability failover. In these cases the
MAC address changes for a given IP address. The machine broadcasts the
new ARP info, but some machines (including, as I understand it, the PIX)
ignore this.

David Lang

"If users are made to understand that the system administrator's job is to
make computers run, and not to make them happy, they can, in fact, be made
happy most of the time. If users are allowed to believe that the system
administrator's job is to make them happy, they can, in fact, never be made
happy." 
-Paul Evans (as quoted by Barb Dijker in "Managing Support Staff", LISA '97)

On Wed, 20 Jan 1999, Schaar, Norbert wrote:

> Date: Wed, 20 Jan 1999 09:39:49 +0100
> From: "Schaar, Norbert" <[EMAIL PROTECTED]>
> To: 'David Lang' <[EMAIL PROTECTED]>, rich <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: RE: Resonate and Pix
> 
> David,
> 
> there's an ARP config statement for PIX which defaults to:
> 
> arp timeout 14400
> 
> It does mean 14400 seconds or 4 hours. Fortunately, you can change the
> timeout to a lower value, for example
> 
> arp timeout 300
> 
> to force PIX to forget MAC entries after 5 minutes.
> 
> What key TCP/IP function doesn't the PIX implement? If you use this box as
> it is designed to be used, you shouldn't have any problems except for the
> complexity of configuration of large rulebases and the lack of management
> features.
> 
> Kind regards
>  
> Norbert Schaar
> Firewall Team - Network Security Services
> Dresdner Global IT Services - DreGIS
> Dresdner Bank AG
> 
> -----Original Message-----
> From: David Lang [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 19 January 1999 20:40
> To: rich
> Cc: [EMAIL PROTECTED]
> Subject: Re: Resonate and Pix
> 
> 
> I was just speaking with Resonate last Friday as they were going over my
> network looking for problems. They were pleased to find that the PIX I
> have was not going to be in front of the boxes using Central Dispatch.
> According to them the PIX does not implement some key TCP/IP functions
> needed to make things work. Apparently the CISCO Local Director used to
> have the same problem until some large CISCO customer complained enough. I
> believe it has to do with the PIX not accepting gratuitous ARP packets (I
> know I have had problems with the PIX and its  s l o w  ARP refresh when I
> have changed NICs in machines).
> 
> David Lang
> 
> "If users are made to understand that the system administrator's job is to
> make computers run, and not to make them happy, they can, in fact, be made
> happy most of the time. If users are allowed to believe that the system
> administrator's job is to make them happy, they can, in fact, never be made
> happy." 
> -Paul Evans (as quoted by Barb Dijker in "Managing Support Staff", LISA '97)
> 
> On Tue, 19 Jan 1999, rich wrote:
> 
> > Date: Tue, 19 Jan 1999 12:16:21 -0500
> > From: rich <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: Resonate and Pix
> > 
> > Just curious if anyone has worked with or found workarounds for the
> > problems encountered with Resonate software BEHIND a pix firewall.
> > 
> > thanks,
> > r
> > 
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> > 
> 
> 

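The behaviour discussed in this thread, as an added example that is not part of the original messages: a small Python model of an ARP cache that either accepts or ignores gratuitous ARP broadcasts, showing how long a stale MAC entry survives a failover under `arp timeout 14400` versus `arp timeout 300`. The addresses, the 60-second failover time and the fixed-age expiry (entries are not refreshed by traffic) are constructed assumptions, not PIX internals.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # 28-byte ARP payload for Ethernet/IPv4 (RFC 826)

def build_arp(op, sender_mac, sender_ip, target_ip):
    """Build a constructed broadcast ARP payload for the simulation."""
    ip = lambda s: bytes(int(x) for x in s.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       bytes.fromhex(sender_mac.replace(":", "")), ip(sender_ip),
                       b"\x00" * 6, ip(target_ip))

def parse_arp(payload):
    """Return (sender_mac, sender_ip, target_ip) from a raw ARP payload."""
    htype, ptype, hlen, plen, _op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return sha.hex(":"), ".".join(map(str, spa)), ".".join(map(str, tpa))

def is_gratuitous(payload):
    """A gratuitous ARP announces the sender's own address: sender IP == target IP."""
    _mac, spa, tpa = parse_arp(payload)
    return spa == tpa

class ArpCache:
    def __init__(self, timeout, accept_gratuitous):
        self.timeout, self.accept_gratuitous = timeout, accept_gratuitous
        self.entries = {}  # ip -> (mac, time learned)

    def on_broadcast(self, payload, now):
        """Handle an ARP broadcast this host did not ask for."""
        if self.accept_gratuitous and is_gratuitous(payload):
            mac, ip, _ = parse_arp(payload)
            self.entries[ip] = (mac, now)

    def lookup(self, ip, now):
        """Cached MAC, or None once the entry has aged out and must be re-resolved."""
        mac, learned = self.entries.get(ip, (None, 0))
        return mac if mac and now - learned < self.timeout else None

def stale_window(timeout, accept_gratuitous, failover_at=60):
    """Seconds after a failover during which the cache still maps the IP to the old MAC."""
    vip, old_mac, new_mac = "192.0.2.10", "00:00:5e:00:53:01", "00:00:5e:00:53:02"
    cache = ArpCache(timeout, accept_gratuitous)
    cache.entries[vip] = (old_mac, 0)            # learned from normal traffic at t=0
    cache.on_broadcast(build_arp(1, new_mac, vip, vip), failover_at)
    t = failover_at
    while cache.lookup(vip, t) == old_mac:
        t += 1
    return t - failover_at
```

Calling `stale_window(14400, False)` and `stale_window(300, False)` compares the two timeouts for a device that ignores the announcement; `stale_window(14400, True)` is the case where the announcement is honoured.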