If there's no NAT in place, then public addresses should never make it to
your LAN.
Have you allowed IGMP and VRRP (create the service manually) between the
firewalls ?
Have you setup monitored circuits with the Nokias ?
Could you post up a sample log message ?
Cheers,
Tim
----- Original Message -----
From: Francisco Cabral <[EMAIL PROTECTED]>
To: 'Tim Holman' <[EMAIL PROTECTED]>; Fw-1-Mailinglist (E-mail)
<[EMAIL PROTECTED]>
Sent: 18 April 2001 08:42
Subject: RE: [FW1] Multicast address
> That's all done initially.
>
> I understand the need to monitor the FW interfaces but I would like that
to
> be log-silent.
> Apparently, you managed to do it.
>
> When I look at the logs, I can see effectily that, through the LAN
> interface, packets are coming out with the public IP of the FW.
> There's no NAT defined for the FW IPs.
>
> Can anyone point me to an article explaining how multicast works so that I
> can assess if this is a Nokia or a IP "feature"?
>
> Francisco
>
> -----Original Message-----
> From: Tim Holman [mailto:[EMAIL PROTECTED]]
> Sent: 17 April 2001 19:21
> To: Francisco Cabral; Fw-1-Mailinglist (E-mail)
> Subject: Re: [FW1] Multicast address
>
>
> What do your anti-spoofing rules say ?
> Setup the external interface to Others, the sync link to This Net, and the
> internal interface to Others+, adding a group with all the public IP
> addresses you're using for NAT.
> Do this for both firewalls, as this info is not replicated.
> If you're using 'Specific', then add the VRRP multicast object to the
group,
> but I've found the above formula works just as well.
>
> Tim
>
> ----- Original Message -----
> From: Francisco Cabral <[EMAIL PROTECTED]>
> To: Fw-1-Mailinglist (E-mail)
<[EMAIL PROTECTED]>
> Sent: 11 April 2001 11:02
> Subject: [FW1] Multicast address
>
>
> >
> > Hi,
> >
> > Each day, my FW logs get huge with the VRRP multicast address entries
with
> > the reason of "address spoofing". Could the reason be that all the FW
> > interfaces go into a hub (for testing)? Is there a way of not logging
> these
> > packets? Thanks.
> >
> > Regards,
> >
> > Francisco Cabral
> >
> >
> >
> >
> >
>
============================================================================
> ====
> > To unsubscribe from this mailing list, please see the instructions
at
> > http://www.checkpoint.com/services/mailing.html
> >
>
============================================================================
> ====
> >
> >
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
