Re: [FW-1] Nokia VRRP doesn't failover all interfaces

Wed, 04 Jun 2008 16:45:10 -0700 

Here are some sample VRRP configurations for each firewall (pretend the
10.x.x.x and 172.16.x.x are publicly routable)

Primary Firewall:

   Interface1 (10.1.1.1):
       Mode Monitored Circuit (choose this over VRRPv2)
Virtual Router 110 (this is arbitrary as long as it's the same for each firewall's interface) 
       Priority 100, Delta 25
       Backup Address 10.1.1.3
Monitor Interface Int2 and Int3 Delta25 (add both of the other interfaces to the monitor list with a delta of 25. What this does is watch the link state on each of the listed interfaces and lower the priority by the delta if connectivity is lost on any of them) Authentication simple password (make sure this is the same for each interface on each firewall) 

   Interface2 (172.16.1.1):
       Mode Monitored Circuit
       Virtual Router 115
       Priority 100, Delta 25
       Backup Address 172.16.1.3
       Monitor Interface Int1 and Int3 delta 25
       Authentication simple password

   Interface3 (192.168.1.1):
       Mode Monitored Circuit
       Virtual Router 120
       Priority 100, Delta 25
       Backup Address 192.168.1.3
       Monitor Interface Int1 and Int2, Delta 25
       Authentication simple password

Secondary Firewall:

   Interface1 (10.1.1.2):
       Mode Monitored Circuit
       Virtual Router 110
       Priority 90, Delta 25
       Backup Address 10.1.1.3
       Monitor Interface Int2 and Int3, Delta 25
       Authentication simple password

   Interface2 (172.16.1.2):
       Mode Monitored Circuit
       Virtual Router 115
       Backup Address 172.16.1.3
       Priority 90, Delta 25
       Monitor Interface Int1 and Int3, Delta 25
       Authentication simple password

   Interface3 (192.168.1.2):
       Mode Monitored Circuit
       Virtual Router 120
       Backup Address 192.168.1.3
       Priority 90, Delta 25
       Monitor Interface Int1 and Int2, Delta 25
       Authentication simple password





Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

Reply via email to