it has to be passed to all virtual interfaces on the firewall each vrrp address has to be defined and allowed through. ip-1 ip-2 ..etc add em to a group and allow VRRP traffic from all interfaces to the multicast addy and vice versa
BR Sadir Hal Dorsman wrote: >>From: Steck, Steffen M. [mailto:[EMAIL PROTECTED]] >>Sent: Wednesday, October 09, 2002 1:12 AM >>To: [EMAIL PROTECTED] >>Subject: [FW-1] still no connectivity >> >> >>Hi, >>still have this problem and no solution: >>I install a policy from management Solaris 2.6 to NOKIA IP330 >>VRRPmc cluster >>on IPSO 3.5 FCS10 and then loose all connectivity through the >>firewalls as >>soon as the gui says done (no allowed traffic is passed)! At >>this moment I >>see the following console error: >> >>Oct 8 18:01:24 somebox [LOG_CRIT] kernel: FW-1: Warning: >>modify for a new >>entry: >> >> > >Steffen, I found this on Phoneboy: > >Warning: modify for a new entry >Q: >I recently moved from FW-1 ver 3.0b to 4.0. Rather than upgrading, I built a brand >new machine for ver 4.0. The box has more than adequate resources for FW-1 and I >have no complaints about the performance of my firewall, but I'm curious why there >are a lot of errors that are written to the console or NT Event Log that look like >this: > >FW-1: Warning: modify for a new entry: <cf5ab002,35,d1730105,0,11;0,4000,0> <0 : =0 >14>. >A: >FireWall-1 is letting you know it is being asked to "modify" a table entry that does >not exist. This is a harmless error and can be safely ignored. You can disable these >messages as follows: > >IPSO (Nokia/VPN-1 Appliance) > >You need modzap from Nokia Knowledge Base Resolution 1261. Then you can execute the >following command and reboot your Nokia Application Platform: > modzap _fw_modify_verify $FWDIR/boot/modules/fwmod.o 0x0 > Solaris > >Add the following to /etc/system and reboot: > set fw:fw_modify_verify 0x0 > >Hope it helps. > > >Hal > > > > >>Oct 8 18:01:24 somebox [LOG_CRIT] kernel: <0 : =0 22> >>Oct 8 18:01:26 somebox [LOG_CRIT] kernel: FW-1: Warning: >>modify for a new >>entry: >>Oct 8 18:01:26 somebox [LOG_CRIT] kernel: >><3e9ae362,40e,98a39fe8,0,11;0,4000,0> <0 : =0 22> >> >>Then I wait up to 5 minutes and packets start to flow >>through the FW-1s >>like they should. >> >>I checked for reserved words, routes and illegal characters >>but no help. >>Anybody any idea please? >>Running FW-1 4.1 SP6 ssl hotfixed anywhere. >>Thx >>Steffen >> >>================================================= >>To set vacation, Out Of Office, or away messages, >>send an email to [EMAIL PROTECTED] >>in the BODY of the email add: >>set fw-1-mailinglist nomail >>================================================= >>To unsubscribe from this mailing list, >>please see the instructions at >>http://www.checkpoint.com/services/mailing.html >>================================================= >>If you have any questions on how to change your >>subscription options, email >>[EMAIL PROTECTED] >>================================================= >> >> >> > >================================================= >To set vacation, Out Of Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= > > ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
