[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] IPSO VRRP issue
On Fri, Jan 05, 2001 at 05:28:40PM -0500, Chris Arnold wrote: : : Hello. I just did the initial VRRP configuration on a pair of Nokias (IPSO : 3.2.1). I followed the instructions in Nokia's knowledgebase and it : appeared to be correct. I'm seeing the VRRP traffic allowed in the FW log : (CP 4.1 sp2) and netstat -rn and ifconfig -a from the command line(s) show : the virtual IP address (and fail-over appears to work) but I can't ping it. : There are no CP rules blocking this. Any thoughts? It's a feature.. :-) Even though you can turn this functionality on in IPSO 3.3, I'm not all that fond of the idea. Think about it.. Most people's reaction is that they want this behavior for use in network monitoring (in other words, making sure the firewall is up). However, what does this really tell you beyond the fact that something is responding? It's much better to monitor each PHYSICAL IP address, that way you KNOW when one of the firewalls has failed. -- Jason Costomiris <>< | Technologist, geek, human. jcostom {at} jasons {dot} org | http://www.jasons.org/ Quidquid latine dictum sit, altum viditur. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|