Welcome bbc781, the newest member
New user?    Register    Login
http://www.attackprevention.com
AttackPrevention > Firewalls > Comments on Firewall-1 NG Rules to Allow VRRP Traffic


Date Submitted: 06/18/05
Hits: 67
Rating: 55555 based on 1 vote

Firewall-1 NG Rules to Allow VRRP Traffic



Added by Papergrl

By: Mitchell Rowton

Step 1

Create objects for all of the physical and logical IP addresses on both firewalls.

Example

NameIP Address
PriNSPint310.0.0.3
SecNSPint310.0.0.2
VirNSPint310.0.0.1

Do this for every interface


Step 2

Create a VRRP multicast object.

Example

NameIP Address
mcast.net-
224.0.0.18		 224.0.0.18


Step 3

Create a simple group that contains all of the objects in Step 1.


Step 4

Create a rule with the source as the simple group in step 3 and the destination of the same simple group plus the object created in step 2. Permit the VRRP service between these.

Example

Source
FW_Interface_Group

Destination
FW_Interface_Group

mcast.net-224.0.0.18

Action
Accept

Service
VRRP

IGMP


You don't have permission to post replies.

Please login or register.

Copyright 2008 AttackPrevention