Nokia IP's both acting as VRRP Master.
Hello, I have 2 Nokia IP's configured with VRRP. When performing a sh vrrp command in iclid both are showing Master on all 3 interfaces that I have configured. On the 3rd interface I see outgoing only on each firewall. VRID's on each box match up for each set of interfaces. I have the would be master FWA set to priority with a delta of The would be backup FWB has a priority of with a delta of All interfaces are showing their priority as the effective priority.
I ran a cpstop on FWB and on the 2 interfaces with I and O advertisements it went to Backup but on the 1 interface with only O advertisements it retained its Master status. When I ran cpstart all 3 went back to Master. I then ran the cpstop on FWA and all 3 int's retained their Master status. I have checked all of the similar postings regarding VRRP and checkpoint and haven't found any that have helped me as they have not had my exact problem.
One last thing, not sure if this is pertinent but, the 3 interfaces represent 3 different subnets. One is a Thanks in advance for the help!
Looks like you've got a couple of different issues going on. First deal with that third interface, where you're only seeing Outbound VRRP. If both firewalls are sending packets out, but they are not reaching the other firewall, then you've got a layer 2 problem somewhere. Check the ports that the firewall is connected to, check they are in the same VLAN, check connectivity across there.
For the other two interfaces, it appears that the firewall policy is causing you problems. Do you have either A implied rules on or B Specific rules to allow the cluster object to send VRRP to
Thanks for the quick response! Regarding the 3rd interface. I am unable to ping the alternate I am able to ping the alternate Regarding VLAN recommendation. I assume you are speaking in terms of the firewall switch when talking about VLANs but want to make sure.
In terms of vlans on that switch, they are all on the same default of vlan1. Regarding the other 2 interfaces. I have the global option checked that is: Accept VRRP packets originating from cluster members (VSX Nokia VRRP), Apply First. I also have the following implied rules: Allow any traffic from VSX Nokia Cluster Members to VRRP Multicast Address using VRRP and Allow any traffic from Nokia Cluster Members to Nokia Cluster Members using the nokia ip clustering management protocol.
If it is not already apparent I am not that familiar with these devices. We have a relatively small network and I do not deal with any one thing on a daily basis until there is a problem. So please forgive my ignorance on some of this stuff. I appreciate your help!
OK, couple of things to look at. Yes, I am talking about the switch that the firewalls are connected to.
There is some sort of connectivity issue between the 3rd interface leaving firewall A, and getting into firewall B. Trace through the connection, make sure that the switchports look OK, make sure that they are in the right VLAN. Do you see MAC addresses on both switchports? Is it just one switch? Oh and I hope that the switch with all ports in VLAN 1 is only connected to the 3rd interface, and not to all interfaces of the firewalls.
Have a look at the logs in Tracker, to see if you can see any VRRP traffic. Make sure you're logging implied rules, if you're not already doing so. Just thought of something else to check - make sure that the topology of the Cluster object in SmartDashboard has all interfaces defined on it.
Okay, I'll check those things.
I've already checked the smartdashboard settings but I'll give them another look.
Just a quick note: besides checking the logs and topology, it might be worth unloading the policy and then checking the status. This will show you if there is a connectivity problem or if it's related to Check Point's config.
Here is an update.
Interface noia of each firewall is connected to the other firewall, no vrrp enabled on this connection. Interface ae2c0 of each firewall is connected to the Interface ae3c0 of each firewall is connected to the I can ping from fwa to fwb on the I did notice now that I am seeing some traffic from FWA and FWB to Should any of this traffic be dropped?
The drop everything else is the last rule in my firewall. The checkbox for logging implied rules is checked but I'm not sure that I'm seeing any of it in smartviewer. Another thing that I haven't mentioned is that I am getting traffic going through these firewalls successfully most of the time. There are some times where it appears some of my applications that have data flowing through the firewalls are having problems which is why I started looking.
Thanks for all of your help.
Dominik, Thanks for the input. I did notice that I'm getting some strange anti-spoofing messages but wasn't sure of the significance. Seems like I read that they were a non-issue. As for unloading the fw policy, would I have to do the fw unloadlocal on both machines to be able to see this? If you unload the fw policies isn't everything blocked by default?
It depends which way the switch decides to send the packets. If you're seeing traffic Work out what rule you need to stop that being dropped.
If the firewalls can't see each other across the If packets leave each of the firewalls, but don't reach the other one, then the problem is not the firewall, it's somewhere else in your network.
Okay, I'll take a closer look at that switch configuration on the I'll keep this thread updated with what I find.
I'm sure everyone here knows this but in case it isn't correct, when both firewalls have the fw unloadlocal run on them they stop passing traffic, according to Smartview Tracker.
While my policy was unloaded I created a new rule to allow vrrp and igmp from the cluster to the cluster and the 2 firewalls and Anyway, I then installed the new policy on the firewalls and presto! In smartview tracker I can now see the traffic to Thanks for the help with this one! The third interface, ae3c0, which goes to the It communicates from S2P2 and S1P1 on FWA and from S2P2 and S1P1 on FWB.