Hi Brian, Do you happen to know what the Nokia or Checkpoint SK # for this bug? I need to be able to document this. thanks.
cisco4ng Brian Lawrence <[EMAIL PROTECTED]> wrote: This is a known and documented bug. As you mentioned the delete the vrrp definition and recreate it from scratch method works to resolve it. Brian Lawrence Senior Security Engineer -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of cisco4ng Sent: Wednesday, February 07, 2007 10:03 AM To: [email protected] Subject: [FW-1] Simplified VRRP explaination needed with IPSO 4.1 build 19 Hi All, I have single Nokia Enforcement module running simplified extended VRRP on IPSO 4.1 build 19. I am planning to add another Nokia Enforcement module later as Active/Standby configuration. When I configure simplified VRRP on the nokia, let say the IP address of the physical interface is 192.168.1.5/24 and the vrrp ip address is 192.168.1.4. The VRRP mac address comes up as follows: Ip560-1-P[admin]# ifconfig eth-s2p1 eth-s2p1c0: lname EXTERNAL flags=e7 inet mtu 1500 inet 192.168.1.5/24 broadcast 192.168.1.255 inet 192.168.1.4/24 broadcast 192.168.1.255 vrrpmac 2:0:5e:c8:59:1 phys eth-s2p1 flags=4133 ether 0:a0:8e:a5:be:c4 speed 1000M full duplex Ip560-1-P[admin]# Now I adding another IP address to this interface and reconfigure VRRP and I get this: Ip560-1-P[admin]# ifconfig eth-s2p1 eth-s2p1c0: lname EXTERNAL flags=e7 inet mtu 1500 inet 192.168.1.5/24 broadcast 192.168.1.255 inet 192.168.10.5/24 broadcast 192.168.10.255 inet 192.168.1.4/24 broadcast 192.168.1.255 vrrpmac 2:0:5e:cd:ed:1 inet 192.168.10.4/24 broadcast 192.168.10.255 vrrpmac 2:0:5e:cd:ed:1 phys eth-s2p1 flags=4133 ether 0:a0:8e:a5:be:c4 speed 1000M full duplex Ip560-1-P[admin]# which is what I expected. Now when I remove 192.168.10.5/24 on the interface and 192.168.10.4 from VRRP I get this: Ip560-1-P[admin]# ifconfig eth-s2p1 eth-s2p1c0: lname EXTERNAL flags=e7 inet mtu 1500 192.168.1.5/24 broadcast 192.168.1.255 phys eth-s2p1 flags=4133 ether 0:a0:8e:a5:be:c4 speed 1000M full duplex Ip560-1-P[admin]# Basically, the VRRP mac address for 192.168.1.4 is not in there when I do ifconfig eth-s2p1. Even if I reboot the box, I still could not get the VRRP mac address back unless I go back in to VRRP and delete the whole thing and recreate it again. Only then I see the VRRP mac address on interface eth-s2p1. Is this expected behavior or is it a bug in IPSO 4.1? Thanks. cisco4ng --------------------------------- Don't be flakey. Get Yahoo! Mail for Mobile and always stay connected to friends. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= --------------------------------- Don't pick lemons. See all the new 2007 cars at Yahoo! Autos. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
