OK, in a nutshell... The 2 devices (in this case FWs) each have their own physical IP addresses on each interface. Each *pair* of interfaces (DMZ, intranet, etc...) has one virtual IP address that they both pay attention to.
Which application you are using will determine the method for configuring this, but one will be defined as *primary* and one as *backup*. The primary device will answer arp requests for the virtual IP address. The backup sees, but will not respond to arp requests for the virtual address that it is monitoring, unless it sees that the primary is down. The VRRP link is how the primary/backup keep tabs on health check Have I forgotten anything? Anybody else chime in... On Mon, 2001-12-10 at 12:18, Carmelo Floridia wrote: > Hi guru, > Assume that i have two firewalls in HA, > each firewall has 4 interface(internet,intranet, DMZ and VRRP) > In which way can I monitor connectivity between firewall and other 3 > networks? > For example, if the interface of DMZ of the master firewall goes down....or > goes down the link between master firewall and DMZ....how the backup take > the control? > best regards > Carmelo > -- Nick Network Security Consultant CISSP, CCSI, MCSE, CCNA Lucent Technologies/NPS Raleigh, NC _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
