Re: VRRP on NOKIA (CheckPoint)

From: SysAdm (willgeeza_at_yahoo.com)
Date: 06/20/04

• Next message: SysAdm: "Re: Opinions: To NAT or not to NAT?"
• Previous message: Casey: "Re: Sygate v5.5b2577 ready for D/L"
• In reply to: Alabama Circus: "VRRP on NOKIA (CheckPoint)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 19 Jun 2004 16:13:23 -0700

magneto@no-log.org (Alabama Circus) wrote in message news:<f7a1ce09.0406190703.21a6ded3@posting.google.com>...
> Hello,
>
> Let's take an example.
>
> On the Main firewall,
>
> eth1c0 is 195.238.10.1/24 (external)
> eth2c0 is 195.238.20.1/24 (internal)
> eth3c0 is 10.10.10.1/30,
>
> -> VRRP external 195.238.10.3
> -> VRRP internal 195.238.20.3
>
> On the other HA machine,
>
> eth1c0 is 195.238.10.2/24 (external)
> eth2c0 is 195.238.20.2/24 (internal)
> eth3c0 is 10.10.10.2/30,
>
> -> VRRP external 195.238.10.3
> -> VRRP internal 195.238.20.3
>
> eth3c0's are directly interconnected through a cross-over cable.
>
> For the VRRP setup, do I have to take into account eth3c0's???
>
> Can anybody copy/paste here the output of ifconfig -a on a cluster
> that has been setup like what I need? As a reference.
>
> Many thanks,
>
> Alabama

No, you dont have to setup VRRP for the /30. I presume you are using
(or are going to use) VRRP Monitored Circuits. In which case, on the
Primary FW Configure the two data networks to monitor each other. In
the event of a failure of either segment, the Primary FW would
failover to the Secondary (as the monitored network configuration
would decrement the Priority value by the Delta value - which would
now be lower than the value for the same VRID on the Secondary FW).
Once the Primary network is back up, it will preempt (to use a cisco
hsrp term) the Secondary Firewall and become Master again (as its
Priority value will once again be greater).

SysAdm

SysAdm

---

• Next message: SysAdm: "Re: Opinions: To NAT or not to NAT?"
• Previous message: Casey: "Re: Sygate v5.5b2577 ready for D/L"
• In reply to: Alabama Circus: "VRRP on NOKIA (CheckPoint)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Advice for SOHO firewall gear? ... I'm planning to expand my home/hobby network from a small gateway-server ... would like advice on firewall gear. ... Firewalled routing from perimeter network to trusted network ... traditional two-router setup is also OK, so long as the initial cost ... (comp.security.firewalls) Re: Linux Firewall or Netgear ... I am currently setting up a network ... a PC running a firewall or a small appliance ... you need to pick the one you are sure you can setup based on ... 2000 Advanced Server can be setup as a VPN Server and supports simple ... (comp.security.firewalls) Re: Linux Router ... > of my clients behind the firewall to see beyond the firewall. ... > My two network cards are setup as: ... > I rebooted the machine after the above network setup, ... pass out on $ext_if proto tcp all modulate state flags S/SA ... (Debian-User) intermittent network/firewall failure ... I've recently tried setting up a firewall for our office and tried ... everything works fine except i've been getting intermittent network ... everything is normal again (except when the network failure randomly ... btw, this is the setup: the box has 3 nics, ... (comp.os.linux.networking) Re: Traffic Monitor ... >I am an ISP running FreeBSD as a firewall and as a Mail Server. ... >are using on my network. ... >and I have a FreeBSD box on that port just to monitor the traffic. ... (freebsd-isp)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)