What do your anti-spoofing rules say ?
Setup the external interface to Others, the sync link to This Net, and the
internal interface to Others+, adding a group with all the public IP
addresses you're using for NAT.
Do this for both firewalls, as this info is not replicated.
If you're using 'Specific', then add the VRRP multicast object to the group,
but I've found the above formula works just as well.
Tim
----- Original Message -----
From: Francisco Cabral <[EMAIL PROTECTED]>
To: Fw-1-Mailinglist (E-mail) <[EMAIL PROTECTED]>
Sent: 11 April 2001 11:02
Subject: [FW1] Multicast address
>
> Hi,
>
> Each day, my FW logs get huge with the VRRP multicast address entries with
> the reason of "address spoofing". Could the reason be that all the FW
> interfaces go into a hub (for testing)? Is there a way of not logging
these
> packets? Thanks.
>
> Regards,
>
> Francisco Cabral
>
> Europesave SA
> System Administrator
> R. Gulledelle 96
> 1200 Brussels
> Belgium
> Phone: +32-2-400.98.00
> Fax: +32-2-400.98.01
>
>
>
>
============================================================================
====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================