[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Nokia and Monitored Circuit

To: Lloyd.Webb@gehis.com, fw-1-mailinglist@lists.us.checkpoint.com
Subject: Re: [FW1] Nokia and Monitored Circuit
From: Jerald Josephs <jjosephs@pacbell.net>
Date: Thu, 14 Oct 1999 00:44:21 -0700

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set. Some ]
    [ characters may be displayed incorrectly. ]


What is going to happen:

Should any one of the interfaces that VRRP on eth-s2p3 is monitoring
fail, then the (default) Priority value of 100 will be decremented by the
Delta value of 10. This should reduce the effective priority to a value
less than the priority of the VRRP peer (the other firewall).

Pros:
This enables a failing firewall to be completely removed from the
network circuit, allowing the peer to take over. No asymmetric routes.
Better stateful handling of the connections.

Cons:
Should one of these interfaces be directly connected with the
peer, then the link goes down on both firewalls. If the base priority
and the delta values are the same one both sides (actually recommended
from my point-of-view), you end up with an effective priority that is
the same on both firewalls.

No changes occur and you probably have only lost the network connection
that exists only between the two firewalls.

Did that make sense?

Jerald Josephs
jjosephs@pacbell.net
----- Original Message -----
From: <Lloyd.Webb@gehis.com>
To: <fw-1-mailinglist@lists.us.checkpoint.com>
Sent: Wednesday, October 13, 1999 9:28 AM
Subject: [FW1] Nokia and Monitored Circuit


>
> I would just like to question our configuration as someone has thrown some
> doubt onto it.
>
> Is it correct when configuring Monitored Circuit to have all the other
> interfaces monitoring your monitored circuit or is it adequate to have one
> or two. What are the pros and cons?
>
> For example:
>
> Interface 192.168.2.254/24  Mode: Monitored Circuit
> Virtual Router: 30  on Priority:  100   Hello Interval: 1
> Backup Address:
> 192.168.2.1  on
> eth-s2p1c0  on Priority Delta:  10
> eth-s2p2c0  on Priority Delta:  10
> eth-s2p4c0  on Priority Delta:  10
> eth-s4p1c0  on Priority Delta:  10
> eth-s4p4c0  on Priority Delta:  10
>
> Lloyd Webb
> Senior Specialist
> Gehis Limited
> UK
>
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] FW: Setting up a trace using the tcpdump command
Next by Date: Re: [FW1] Nokia and Monitored Circuit
Prev by thread: [FW1] Nokia and Monitored Circuit
Next by thread: Re: [FW1] Nokia and Monitored Circuit
Index(es):
- Date
- Thread