3.In the row for the interface you want to configure, select the VRRPv2 radio button in the Mode column.

4.Click Submit.

Text boxes for Own VRID and Backup Router with VRID appear.

5.Configure the router as a master or a backup by doing one of the following.

„If you want to configure this router as the master for a VRRP group, enter the VRID for the virtual router in the Own VRID text box.

„If you want to configure this router as a backup, enter the VRID you want the router to back up in the Backup Router with VRID text box.

6.Click Apply. Additional fields appear.

7.Do one of the following, depending on whether this platform serves as a master or a backup.

„If this platform serves as the master router, enter values in the Own VRID section for hello interval and VMAC mode for the VRID for which this platform serves as the master router. (For VRRPv2, the priority for the master is automatically set to 255 and the backup address is the physical address of the interface.)

„If this platform serves as a backup router, enter values in the Router with VRID section for each VRID you are using the interface to backup.

8.Click Apply.

9.Click Save to make your changes permanent.

Note

To disable a virtual router, first remove the VRRP configuration for that virtual router from all backup routers. If you delete the virtual router on the master first, it stops sending VRRP advertisements and the backup router assumes it has failed and adopts the address of the master automatically. This results in two routers having the address of the default router configured.

Configuring Check Point NGX for VRRP

The guidelines in this section list some considerations for configuring Check Point NGX for VRRP. For additional details, refer to the Check Point documentation.

„Each VRRP node must run the same feature pack and hot fix.

„You must install the same Check Point packages on each node; each VRRP node must have exactly the same set of packages as all the other nodes.

„Create the complete VRRP configuration before you put any of the systems into service. That is, make sure each system is completely configured and the firewall has begun synchronization before putting the VRRP group in service. Following this process ensures that all connections are properly synchronized.

Nokia Network Voyager for IPSO 4.0 Reference Guide

197

Page 196 Page 198
Page 197
Image 197
Nokia IPSO 4.0 manual Configuring Check Point NGX for Vrrp, Nokia Network Voyager for Ipso 4.0 Reference Guide 197
Page 196 Page 198
Top Page Image Contents