Hi folks;

I have a question on Anti Spoofing rules, here's the scoop:

Phone Boy states that you should use "Others +" as follows:
Others +
This allows you to specify IP addresses that appear on both your internal and external 
interfaces. This is usually needed when you are doing NAT in certain situations, 
running OSPF on both the internal and external interfaces, or running VRRP.
reference: http://www.phoneboy.com/faq/0061.html

I'm confused by why this might be required for VRRP. My understanding of Anti 
Spoofing is that it is based on "Source" not "Destination" IP addresses. I've asked 
locally if this reference might have to do with the VRRP multicast address 224.0.0.18, 
to which they replied yes but without further explanation. When I view the logs I see 
traffic from the firewall interface addresses going to 224.0.0.18 but do not see any 
traffic that originates from that address. I did a simple failover test and things 
seemed to work OK. I have not done extensive testing to see if some sessions are 
dropped when they shouldn't be or other strange things are happening, as it's difficult 
to do in a production environment. I'd hate to include the 224.0.0.18 address on any 
interface if it's not needed.

Any ideas, comments or suggestions would be appreciated.

Thanks in advance,

Ken

