• November 13, 2019, 01:51:00 PM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: VRRP 'Gotcha' to watch out for in IPSO?  (Read 5794 times)

0 Members and 1 Guest are viewing this topic.

Offline Flintstone

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 961
VRRP 'Gotcha' to watch out for in IPSO?
« on: February 28, 2011, 05:33:32 AM »
Hi,

We recently removed some interfaces (DMZs) from one of our Nokia appliances using Voyager and if you donot remove the VRRP backup IP address first, before removing the logical IP interfaces you will still see the interface being monitored in the 'monitored circuits' VRRP interfaces view.  Which means that as the interfaces are no longer available the 'priority delta' will be subtracted from the VRRP priority.  In our case VRRP failed over from the primary firewall to the backup firewall.  We had to re-instate the deleted IP interfaces and VRRP IP address and remove the VRRP IP address first to resolve the problem.  We also tried upgrading to the latest version of IPSO that supports R65, but that still has the same issue.  It would be interesting to see if the issue still exists in IPSO that supports R70?

CheerZ


Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 3840
    • michaelfmcnamara
    • Michael McNamara
Re: VRRP 'Gotcha' to watch out for in IPSO?
« Reply #1 on: February 28, 2011, 11:38:36 PM »
That's interesting.... I'm running R70 on a pair of IP560s both running VRRP and so far so good. I don't expect I'll have the opportunity to test your specific issue though - production firewalls for a 1Gbps (100Mbps CIR) Internet link.

Are you running any Anti-Virus scanning on any of you IPSO firewalls? I'm looking to retire my Blue Coat ProxySG appliances and just allow raw access to the Internet but I'd like to still be able to perform AV scanning of at least HTTP data.

Cheers!
We've been helping network engineers, system administrators and technology professionals since June 2009.
If you've found this site useful or helpful, please help me spread the word. Link to us in your blog or homepage - Thanks!

Offline Flintstone

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 961
Re: VRRP 'Gotcha' to watch out for in IPSO?
« Reply #2 on: March 01, 2011, 04:33:17 AM »

We currently have the same setup as you I.e. Blue Coat ProxySG appliances.  I don't think we will be changing anytime soon?

CheerZ