RE: [FW1] VRRP issue

Sat, 04 Aug 2001 02:41:01 -0700 



Chris,

I ran into a similiar problem and had to do the following....

create a workstation called VRRP-MULTICAST with an ip of 224.0.0.18
next create a policy rule that states source FW1 and FW2, destination
VRRP-MULTICAST, service vrrp, accept
this needs to go above your stealth rule.  if you do not have this, your
stealth rule will drop the vrrp packets and your FW's end up hanging.

Hope this helps,
-Ryan Nobrega
-Southern CT State University


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Chris Koger
Sent: Thursday, August 02, 2001 8:24 AM
To: Fw-1-Mailinglist
Subject: [FW1] VRRP issue



Hello all and TIA for any help that anyone may be able to give.

Here's the scenario:  I have two Nokia boxes (IP330s) that I am working on
both running IPSO 3.3-FCS3; each has two interfaces.  I am trying to get
VRRP up and running.  I can enter all of the information for VRRP and apply
and save it, but when I enter the IP of the backup address for them to
represent (the VRRP address), the boxes fail - total freeze, no response.
They then have to be rebooted and all of the info remains in the VRRP config
except the IP address.  If I try again, the same thing happens.  If I enter
both IP address (two interfaces), the machine doesn't come back at all even
after rebooting.

Has anyone seen this?  If so, what was your resolution?  Nokia has not
returned with an answer.

More info:
  The two machines have been running for about a month awaiting an
implementation date with everything configured except VRRP - they are taking
the place of another older firewall.
  This issue occurs with or without the firewall software running and with
or without the ifwd interface monitoring daemon running.

I know this is a firewall mailing list, but I hope someone has some info.
Again, thanks.

Chris Koger



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to