Nokia IPSO 4.0 manual Monitoring the Firewall State

Use this procedure to configure virtual routers to back up the addresses of other routers on a shared media network.

1.Click VRRP for IPv6 under Configuration > System Configuration > IPv6 Configuration > Router Services in the tree view.

2.Click VRRPv3 button next to the interface for which to enable VRRP.

3.Click Apply.

4.In the Backup Router with VRID text box, enter a value of from 1 to 255 to specify a virtual ID for the virtual router used to back up the IP addresses of another system. The router you are backing up must also have this virtual router configured for its addresses. Click Apply. Additional configuration options appear that let you enter the IPv6 addresses of the router you are backing up.

5.(Optional) Enter a value from 1 to 254 in the Priority text box to specify the priority of this router during contention for the IP addresses of a failed router. Of the routers backing up the failed router, the one with the priority of highest value take overs the addresses.

The default value is 100.

6.(Optional) In the Hello Interval text box, enter a value from 1 to 4095 to specify the interval, in centiseconds, that is, 1 one-hundredth of a second, between VRRP advertisement transmissions. This value should be the same on all the routers with this virtual router configured.

The default is 100 centiseconds, that is, 1 second.

7.(Optional) Click Disabled next to Preempt Mode if you do not want a virtual router with a higher priority to preempt the current master router and become the new master. The default value is Enabled, which means that a virtual router with a higher priority than the current master preempts the master and becomes the new master router.

8.(Optional) Click Enabled next to Accept Mode if you want the virtual router when it is in a master state to accept and respond to IP packets sent to virtual IPv6 addresses. The VRRP protocol specifies not to accept or respond to such IP packets, so the default is Disabled.

9.Enter an IPv6 address for this virtual router in the Backup Address text box. The first back- up address you configure must be a link-local address. Any link-local address must belong to the fe80::/64 subnet, and global addresses must belong to the subnet of the interface.

10.(Optional) If the router you are backing up had more than one IP address, repeat step 10.

11.Click Apply, and then click Save to make your changes permanent.

Monitoring the Firewall State

You can configure the system to monitor the state of the firewall and respond appropriately. If a VRRP master detects that the firewall is not ready to handle traffic or is not functioning properly, the master fails over to a backup system. If all the firewalls on all the systems in the VRRP group are not ready to forward traffic, no traffic will be forwarded.