I did the Nokia and Firewall-1 upgrade couple months ago. And yes, if you "want" to use the Simplified VRRP, you should only have one VRID for all the interfaces of the Nokia appliances involved. If you don't, you will keep getting "warning" messages about the different VRID on different interfaces. I didn't try, but probably the failover would not work in that configuration.
I quote 'want' above because you can keep using the legacy VRRP and the multiple VRID setup. However, I can tell you using simplified VRRP is a lot cleaner, and it makes sense. Under the simplified VRRP, the only situation you would use a different VRID is that you would have another "different" monitoring group in the same subnet segment. Otherwise, you only need one VRID for your existing monitoring group. (a bit off topic...) Indeed, this simplified VRRP practice is aligned to what you would do under Cisco 's HSRP configuration. Since Cisco fixed a bug in their HSRP implementation, you could only have up to 16 (or 256 on some high end models) HSRP group ID, because all routers in the same monitoring group should use the same group ID on all interfaces. Cheers, Raymond N. At 10:07 PM 5/25/05 -0400, you wrote: >We currently define a VRID for each physical interface on our Nokia appliance. This is true if there is only one network connected to the interface or if there are many VLANs connected. We are in the process of upgrading to IPSO 3.8.1 > >page 285 of IPSO 3.8.1 Voyager Reference Guide states: >Note: >All configured backup addresses must be associated with the same VRID. If you do not associate all backup addresses with the same VRID when you configure monitored circuit mode using simplified configuration, monitoring of VRRP network interfaces is not enabled. > >Does this mean you can only have 1 VRID or can we continue to have one for each physical interface. The Reference Guide continues with references of choosing the particular VRID for options and changes etc. which contradicts the Note above. I originally interpreted the note to be in reference to a HA solution where the master, and all backup appliances must use the same VRID for a particular backup address. I just thought I'd run it past this mail list to be sure before we upgrade. > >Thanks in advance, > >Ken > > >__________________________________________________________________ >Switch to Netscape Internet Service. >As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register > >Netscape. Just the Net You Need. > >New! Netscape Toolbar for Internet Explorer >Search from anywhere on the Web and block those annoying pop-ups. >Download now at http://channels.netscape.com/ns/search/install.jsp > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= > > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
