NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] IPSO VRRP issue



On Fri, Jan 05, 2001 at 05:28:40PM -0500, Chris Arnold wrote:
: 
: Hello.  I just did the initial VRRP configuration on a pair of Nokias (IPSO
: 3.2.1).  I followed the instructions in Nokia's knowledgebase and it
: appeared to be correct.  I'm seeing the VRRP traffic allowed in the FW log
: (CP 4.1 sp2) and netstat -rn and ifconfig -a from the command line(s) show
: the virtual IP address (and fail-over appears to work) but I can't ping it.
: There are no CP rules blocking this.  Any thoughts?

It's a feature.. :-)  Even though you can turn this functionality on in
IPSO 3.3, I'm not all that fond of the idea.  Think about it..  Most
people's reaction is that they want this behavior for use in network 
monitoring (in other words, making sure the firewall is up).  However,
what does this really tell you beyond the fact that something is 
responding?

It's much better to monitor each PHYSICAL IP address, that way you KNOW
when one of the firewalls has failed.

-- 
Jason Costomiris <><           |  Technologist, geek, human.
jcostom {at} jasons {dot} org  |  http://www.jasons.org/ 
          Quidquid latine dictum sit, altum viditur.


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.