Comments inline. On Tue, 2001-12-11 at 12:46, Carmelo Floridia wrote: > > Ok but.... > when backup become master?
Backup will take over when it becomes aware of the master FW either losing connectivity on one interface (inside or outside), or when it can no longer reach the master. > depends on failure of master hardware? Yes > depends on failure of connctivity? Yes > Cerainly depends of the firewall... > ...anyone used Nokia with FW-1 or netscreen? We have used the Nokia solution with much satisfaction. I have also heard good things about the Netscreen FW in general, but have not worked with it personally. I have also not heard anything specific about Netscreen in a VRRP situation. HTH > bye > Carmelo > > > > > -----Messaggio originale----- > > Da: Nick [mailto:[EMAIL PROTECTED]] > > Inviato: marted́ 11 dicembre 2001 14.35 > > A: Carmelo Floridia > > Cc: SECURITY-BASICS > > Oggetto: Re: Firewall in HA: how VRRP works? > > > > > > OK, in a nutshell... > > > > The 2 devices (in this case FWs) each have their own physical IP > > addresses on each interface. Each *pair* of interfaces (DMZ, intranet, > > etc...) has one virtual IP address that they both pay attention to. > > > > Which application you are using will determine the method for > > configuring this, but one will be defined as *primary* and one as > > *backup*. The primary device will answer arp requests for the virtual > > IP address. The backup sees, but will not respond to arp requests for > > the virtual address that it is monitoring, unless it sees that the > > primary is down. The VRRP link is how the primary/backup keep tabs on > > health check > > > > Have I forgotten anything? Anybody else chime in... > > > > > > On Mon, 2001-12-10 at 12:18, Carmelo Floridia wrote: > > > Hi guru, > > > Assume that i have two firewalls in HA, > > > each firewall has 4 interface(internet,intranet, DMZ and VRRP) > > > In which way can I monitor connectivity between firewall and other 3 > > > networks? > > > For example, if the interface of DMZ of the master firewall > > goes down....or > > > goes down the link between master firewall and DMZ....how the > > backup take > > > the control? > > > best regards > > > Carmelo > > > > > -- > > Nick > > Network Security Consultant > > CISSP, CCSI, MCSE, CCNA > > Lucent Technologies/NPS > > Raleigh, NC > > > > _________________________________________________________ Do You > > Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com > > -- Nick Network Security Consultant CISSP, CCSI, MCSE, CCNA Lucent Technologies/NPS Raleigh, NC _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
