Re: Firewall in HA: how VRRP works?

From: Nick (bombdudeusmc@yahoo.com)
Date: 12/11/01


From: Nick <bombdudeusmc@yahoo.com>
To: Carmelo Floridia <cfloridia@lex.unict.it>
Date: 11 Dec 2001 08:35:23 -0500

OK, in a nutshell...

The 2 devices (in this case FWs) each have their own physical IP
addresses on each interface. Each *pair* of interfaces (DMZ, intranet,
etc...) has one virtual IP address that they both pay attention to.

Which application you are using will determine the method for
configuring this, but one will be defined as *primary* and one as
*backup*. The primary device will answer ARP requests for the virtual
IP address. The backup sees, but will not respond to ARP requests for
the virtual address that it is monitoring, unless it sees that the
primary is down. The VRRP link is how the primary/backup keep tabs on
health check

Have I forgotten anything? Anybody else chime in...

On Mon, 2001-12-10 at 12:18, Carmelo Floridia wrote:
> Hi guru,
> Assume that I have two firewalls in HA,
> each firewall has 4 interfaces (internet, intranet, DMZ and VRRP).
> In which way can I monitor connectivity between the firewall and the other 3
> networks?
> For example, if the DMZ interface of the master firewall goes down... or
> the link between the master firewall and DMZ goes down... how does the backup take
> control?
> best regards
> Carmelo
>

-- 
Nick
Network Security Consultant
CISSP, CCSI, MCSE, CCNA
Lucent Technologies/NPS
Raleigh, NC
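
The primary/backup takeover described in the message above, as an added example that is not part of the original post or of any product's code: a small simulation of when the backup starts answering for the virtual IP after the primary stops advertising. The router names, priorities and tick size are constructed assumptions; the timer formula is the one from RFC 2338.

```python
from dataclasses import dataclass

ADVERT_INTERVAL = 1.0  # seconds between advertisements (RFC 2338 default)


@dataclass
class Router:
    name: str              # hypothetical names, for illustration only
    priority: int          # 1-254, higher is preferred (constructed values)
    state: str = "BACKUP"
    last_advert_seen: float = 0.0

    def master_down_interval(self) -> float:
        # RFC 2338: Master_Down_Interval = 3 * Advertisement_Interval + Skew_Time
        skew_time = (256 - self.priority) / 256
        return 3 * ADVERT_INTERVAL + skew_time


def simulate(primary_fails_at: float, end: float, step: float = 0.25):
    """Return [(time, responder)] each time the node answering ARP for the
    virtual IP changes. A responder of None means nobody is answering."""
    primary = Router("fw-primary", priority=200, state="MASTER")
    backup = Router("fw-backup", priority=100)
    timeline, t, next_advert = [], 0.0, 0.0
    while t <= end:
        if t >= primary_fails_at:
            primary.state = "DOWN"
        if primary.state == "MASTER" and t >= next_advert:
            backup.last_advert_seen = t   # advertisement reaches the backup
            next_advert = t + ADVERT_INTERVAL
        silent_for = t - backup.last_advert_seen
        if backup.state == "BACKUP" and silent_for >= backup.master_down_interval():
            backup.state = "MASTER"       # backup now answers for the virtual IP
        masters = [r.name for r in (primary, backup) if r.state == "MASTER"]
        responder = masters[0] if masters else None
        if not timeline or timeline[-1][1] != responder:
            timeline.append((t, responder))
        t += step
    return timeline


if __name__ == "__main__":
    for when, who in simulate(primary_fails_at=10.0, end=20.0):
        print(f"t={when:5.2f}s  virtual IP answered by: {who}")
```

The gap between the failure and the takeover is the window in which traffic to the virtual IP is dropped, which is why the advertisement interval and priority are worth checking when sizing failover time.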
