Re: R: Firewall in HA: how VRRP works?

Fri, 14 Dec 2001 11:47:34 -0800 

        
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Hi Carmelo,

The backup will be master when connctivity with master fail.

I implemented some nokia (IPSO), they have easy way to
star VRRP, whith somo interesting options.

If I can help, please, fell free to ask.

- -fn


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: Gnome PGP version 0.4

iD8DBQE8GKQRgXlWXCEZRIMRAssZAKDbamFi+nWhq1oamHyyWv75+pyEqQCg0Nlb
Xz+GPO8v2K7MlEMUcP5L6zc=
=1wwx
-----END PGP SIGNATURE-----


Carmelo Floridia wrote:
> 
> Ok but....
> when backup become master?
> depends on failure of master hardware?
> depends on failure of connctivity?
> Cerainly depends of the firewall...
> ...anyone used Nokia with FW-1 or netscreen?
> bye
> Carmelo
> 
> > -----Messaggio originale-----
> > Da: Nick [mailto:[EMAIL PROTECTED]]
> > Inviato: martedě 11 dicembre 2001 14.35
> > A: Carmelo Floridia
> > Cc: SECURITY-BASICS
> > Oggetto: Re: Firewall in HA: how VRRP works?
> >
> >
> > OK, in a nutshell...
> >
> > The 2 devices (in this case FWs) each have their own physical IP
> > addresses on each interface.  Each *pair* of interfaces (DMZ, intranet,
> > etc...) has one virtual IP address that they both pay attention to.
> >
> > Which application you are using will determine the method for
> > configuring this, but one will be defined as *primary* and one as
> > *backup*.  The primary device will answer arp requests for the virtual
> > IP address.  The backup sees, but will not respond to arp requests for
> > the virtual address that it is monitoring, unless it sees that the
> > primary is down.  The VRRP link is how the primary/backup keep tabs on
> > health check
> >
> > Have I forgotten anything?  Anybody else chime in...
> >
> >
> > On Mon, 2001-12-10 at 12:18, Carmelo Floridia wrote:
> > > Hi guru,
> > > Assume that i have two firewalls in HA,
> > > each firewall has 4 interface(internet,intranet, DMZ and VRRP)
> > > In which way  can I monitor connectivity between firewall and other 3
> > > networks?
> > > For example, if the interface of DMZ of the master firewall
> > goes down....or
> > > goes down the link between master firewall and DMZ....how the
> > backup take
> > > the control?
> > > best regards
> > > Carmelo
> > >
> > --
> > Nick
> > Network Security Consultant
> > CISSP, CCSI, MCSE, CCNA
> > Lucent Technologies/NPS
> > Raleigh, NC
> >
> >  _________________________________________________________ Do You
> > Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
> >

--
Chave Publica (GNU/GPG)
http://www.guardata.com.br/gpg/fned.pub
--
Guardata Network Security
+55 61.447-5862
http://www.guardata.com.br

SCLN 309 Bloco D  Sala 214
Brasília - DF    CEP:  70.755-540
Tel.: 55-61-447-5862    Fax: 55-61-3032-2660

***************************************************
The information in this email  is  confidential
and may be legally privileged.
It is intended solely for the addressee. Access
to this  email  by anyone else is unauthorized.

If  you  are  not   the   intended   recipient,
any  disclosure,  copying,  distribution or any
action taken or omitted to be taken in reliance
on it,  is prohibited and may be unlawful. When
addressed to our clients any opinions or advice
contained  in  this  email  are  subject to the
terms and conditions expressed in the governing
GUARDATA client engagement letter.
***************************************************

Reply via email to