A correction to my initial description. Both Firewalls do not think they
are Master, I read the page incorrectly, the primary Firewall continues to
remain Master and the secondary remains at Backup even when the status
monitor reports the primary firewall as disconnected.
I have the vrrp multicast host defined and allow communication from the
firewall to that address and back.
I am beginning to think VRRP configuration, which as been verified correct
by a Nokia engineer, is not necessarily related to the problem.
At 07:26 AM 2/2/01 -0800, Wayne Graves wrote:
> If both think they are master your multicast vrrp messages are not getting
>out between the boxes. Assuming your using monitor type vrrp they both have
>a priority and they both send out a multicast to determine who is highest,
>then
>the highest one continues to send out multicast and the lower goes to backup
>state, if the multicast stops then it's assumed the master has died and the
>backup becomes master. ALL interfaces that are using vrrp have to have
>multicast
>allowed, in acceptable spoof list and such. If you don't have the online doc
>kit installed then get it and install it, it's on the Nokia web site. It
>have a good explanation of it all and what rules are needed.
> Wayne
>
>-----Original Message-----
>From: MikeCC [mailto:[EMAIL PROTECTED]]
>Sent: Monday, January 29, 2001 7:43 AM
>To: [EMAIL PROTECTED]
>Subject: [FW1] FW's constantly changing state
>
>
>
>
>Hello,
>
>I am running two Nokia 650's with FW 4.1 running VRRP.
>
>The issue I am having is that every couple of minutes both firewalls change
>state, from installed to disconnected and back from disconnected to installed.
>
>When I look at the VRRP status, both firewalls think they are the
>master. The firewalls are connected for a Cisco 6509 switch, but I have
>since put them on a simple hub and still see the same behavior.
>
>Any suggestions?
>
>MikeCC
>http://atrek.org/mikecc
>
>
>
>================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>================================================================================
>
>
>================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>================================================================================
>
MikeCC
http://atrek.org/mikecc
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
