Robert
FW-1 in and of itself will not do anything with a RIP packet unless there is a specific process on the box configured to process the RIP packet (on Unix - gated or routed, on NT - the RRAS routing service, on Nokia - RIP parameters are configured through the routing interface GUI).
Simply accepting RIP packets on the FW policy only lets those packets through to the other process. Dynamic routing protocols like RIP and OSPF are often used for high availability, although other methods like HSRP, VRRP, etc. can also provide the needed functionality.
The FW-1 is acting as a router in all cases however, even if you just have static routes configured. It's just that with static routes you don't necessarily need another routing process running on the box. IP forwarding is turned ON on most FW-1 installations however, and when IP forwarding is ON, the box is acting as a router, even though you're calling it a FW, it's just a router which is much more discriminating about what it lets through.
Bob Brandt, 3M, [EMAIL PROTECTED]
Robert MacDonald wrote:
> RIP is a broadcast. A normal router will 'hear' other routers' announcements (RIP
>packets) and decide if they need to update their own tables based on the information
>contained in the RIP packet. Then every so often (30/60 sec?), the router will
>broadcast on each of its interfaces what it knows about its own routes (if
>configured to do so.)
>
> Your FW system is most likely not a router (so to speak) and because you don't have
>RIP enabled, it will not announce its routes.
>
> By having your FW policy properties checked, you're telling your FW to accept (e.g.
>listen only) for RIP packets and to modify its own tables accordingly.
>
> Robert
>
> - -
> Robert P. MacDonald, Network Engineer
> G o r d o n F o o d S e r v i c e
> Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>
> >>> Daniel Kieng <[EMAIL PROTECTED]> 5/30/00 9:20:41 AM >>>
> >
> >Hi all,
> >I would like to know if CP FW-1 log displays rip traffic, by default
> >firewall-1 Property "accepting RIP" is checked but it does not log rip
> >traffic in the log viewer. I have an incident that CP firewall-1 box does
> >not forward RIP version1 table to the next hop device. I sniffed the wire
> >between the router and the firewall I can see RIP packets coming out the
> >router but did not see RIP packets coming out the firewall box. Please
> >Help!!
> >
> >> Daniel Kieng
> >> Sr. Network Security Engineer
> >>
> >> PlatinumNetworks
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================