RE: [FW1] Nokia VRRP setup docs??

Fri, 11 Aug 2000 08:40:25 -0700 


John,

You can use VRRP v2 for interface failure whereas, monitored VRRP circuits
are used for complete box switch over and it is the recommended choice.
Monitored VRRP is easy to setup and and eliminates creation of asynchronous
routes that occurs when only a single interface fail.

Look at resolution 1214 'Please Explain VRRP Monitored Circuit on IPSO 3.1
and later' in Nokia knowledge base at www.iprg.nokia.com for complete
step-by-step configuration of VRRP Monitored Circuit.

In a Monitored Circuit configuration you must dedicate an IP address on each
interface you wish to fail over. This means you need at least 3 IP addresses
on each network the firewalls are attached to --  one for each nokia
interface plus an extra IP (virtual/backup). 

The switch over from failure takes only about 10 seconds.

Place a rule on your FW to allow the VRRP communications between the two
FW's

You need to have one port on each box as sync port to synchronize state
table.

You need to estable state table synchronization between the two boxes. Do a
putkey on both firewalls on the sync port. Do fwstop and fwstart on both
boxes. Run 'netstat -na' on both firewalls (The #VALS number should not be
very different).
Run 'fw tab -t connections -s' on both firewalls, you should see a
connection established on port 256 between the sync ports on each box.

DO NOT implement monitored circuit between the sync port

Hope this helps.

-----Original Message-----
From: John Gesualdi [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 11, 2000 9:12 AM
To: fw
Subject: [FW1] Nokia VRRP setup docs??






    Hi,

    I'm looking for technical docs on configuration and setup for VRRP on
two
Nokia IP440 boxes. Can someone help?

Thanks.



--
John Gesualdi
The Providence Journal Company
Phone  (401)277-8133
Pager  (401)785-6938
CCDP,CCNP




============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to