Ok but.... when backup become master? depends on failure of master hardware? depends on failure of connctivity? Cerainly depends of the firewall... ...anyone used Nokia with FW-1 or netscreen? bye Carmelo
> -----Messaggio originale----- > Da: Nick [mailto:[EMAIL PROTECTED]] > Inviato: marted� 11 dicembre 2001 14.35 > A: Carmelo Floridia > Cc: SECURITY-BASICS > Oggetto: Re: Firewall in HA: how VRRP works? > > > OK, in a nutshell... > > The 2 devices (in this case FWs) each have their own physical IP > addresses on each interface. Each *pair* of interfaces (DMZ, intranet, > etc...) has one virtual IP address that they both pay attention to. > > Which application you are using will determine the method for > configuring this, but one will be defined as *primary* and one as > *backup*. The primary device will answer arp requests for the virtual > IP address. The backup sees, but will not respond to arp requests for > the virtual address that it is monitoring, unless it sees that the > primary is down. The VRRP link is how the primary/backup keep tabs on > health check > > Have I forgotten anything? Anybody else chime in... > > > On Mon, 2001-12-10 at 12:18, Carmelo Floridia wrote: > > Hi guru, > > Assume that i have two firewalls in HA, > > each firewall has 4 interface(internet,intranet, DMZ and VRRP) > > In which way can I monitor connectivity between firewall and other 3 > > networks? > > For example, if the interface of DMZ of the master firewall > goes down....or > > goes down the link between master firewall and DMZ....how the > backup take > > the control? > > best regards > > Carmelo > > > -- > Nick > Network Security Consultant > CISSP, CCSI, MCSE, CCNA > Lucent Technologies/NPS > Raleigh, NC > > _________________________________________________________ Do You > Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com >
