[fw-wiz] Changes in How ARP is Handled between PIX OS 5.x and OS6.3?

From: Harry Whitehouse (harry_at_endicia.com)
Date: 02/04/04

Next message: Marcus J. Ranum: "RE: [fw-wiz] Botnets, IRC servers and firewalls?"

Previous message: Eugene Kuznetsov: "RE: [fw-wiz] Efficiently detecting obfuscated shell code"
Next in thread: Dario Calia: "Re: [fw-wiz] Changes in How ARP is Handled between PIX OS 5.x and OS6.3?"
Reply: Dario Calia: "Re: [fw-wiz] Changes in How ARP is Handled between PIX OS 5.x and OS6.3?"
Maybe reply: Mike McNutt: "RE: [fw-wiz] Changes in How ARP is Handled between PIX OS 5.x and OS6.3?"
Maybe reply: Harry Whitehouse: "RE: [fw-wiz] Changes in How ARP is Handled between PIX OS 5.x and OS6.3?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <firewall-wizards@honor.icsalabs.com>
Date: Wed, 4 Feb 2004 12:36:01 -0800

Hello All!

I'm trying to upgrade my PIX firewall and ran into a problem with a
Windows Load Balanced Array (WLBS). In my PIX 5.x operating system
(which I set up 2 years ago), it seemed to require that I have an APR
statement like this:

arp inside 192.168.100.246 03bf.C0A8.6416 alias

This production box has worked flawlessly for 2+ years. I have a
conduit bridging an outside public address to this internal IP address
and running https traffic.

When I tried to replace my 5.x PIX box with a new PIX running OS 6.3,
the load balancing stopped working completely. I set up a separate test
bed with the new PIX and a test Load Balanced array and it seems that
WLBS will work WITHOUT the ARP statement, but will not work with the ARP
statement.

Does anyone know of changes between the PIX OS versions which would
explain this behavior?

TIA

Harry

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: Marcus J. Ranum: "RE: [fw-wiz] Botnets, IRC servers and firewalls?"

Previous message: Eugene Kuznetsov: "RE: [fw-wiz] Efficiently detecting obfuscated shell code"
Next in thread: Dario Calia: "Re: [fw-wiz] Changes in How ARP is Handled between PIX OS 5.x and OS6.3?"
Reply: Dario Calia: "Re: [fw-wiz] Changes in How ARP is Handled between PIX OS 5.x and OS6.3?"
Maybe reply: Mike McNutt: "RE: [fw-wiz] Changes in How ARP is Handled between PIX OS 5.x and OS6.3?"
Maybe reply: Harry Whitehouse: "RE: [fw-wiz] Changes in How ARP is Handled between PIX OS 5.x and OS6.3?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Looking to replace a Netscreen-100
... used as a firewall (no NAT/PAT, VPN, load balancing, etc.). ... secondary ip addresses on its trusted interface, ... The PIX / ASA will just disapoint you. ...
(comp.dcom.sys.cisco)
Re: Please suggest firewall for IIS ASP.Net/SQL Server 2000 website
... > similar to W2K Advanced Server in that it supports load balancing ... > have come to the conclusion that a Cisco PIX 501 is the firewall to ... > PIX can handle 10 megs of second of throughput. ... > Something tells me I also need to get the SQL Server onto a separate ...
(comp.security.firewalls)
Re: [fw-wiz] Changes in How ARP is Handled between PIX OS 5.x and OS6.3?
... > When I tried to replace my 5.x PIX box with a new ... > the load balancing stopped working completely. ... > WLBS will work WITHOUT the ARP statement, ... Do you Yahoo!? ...
(Firewall-Wizards)