Nokia Network Voyager for IPSO 4.0 Reference Guide 139
Enabling or Disabling VRRP for a Transparent Mode Group
If you are enabling VRRP on a VRRP master, the node will perform transparent mode
operations as described in the section, “Transparent Mode” on page 132. As a VRRP standby, it
will drop all packets except those with local destinations.
For more information on configuring VRRP, see “Configuring VRRP” on page 186
To enable or disable VRRP for a transparent mode group
1. Click Transparent Mode under Configuration > Interface Configuration in the tree view.
2. Click the link of the transparent mode group to which you would like to enable VRRP.
3. Select the Yes or No radio button in the VRRP Enabled table.
4. Click Apply.
5. Click Save to make your changes permanent.
Monitoring Transparent Mode Groups
To monitor transparent mode groups
1. Click Transparent Mode under Monitor in the tree view.
2. Click a transparent mode group under XMODE Group Id.
Transparent Mode and Check Point NGX
This section explains some details about configuring a firewall to work with transparent mode.
Configuring Antispoofing
The proper configuration for antispoofing depends on how the interfaces in the transparent mode
group are configured.
All Interfaces Are Internal
If all the interfaces in the group are internal, you should configure antispoofing normally. You
treat the interfaces as being on the same subnet and, any other nested networks must be properly
defined so that antispoofing to be aware of them and traffic is not dropped.
One Interface Is External
If one interface is external, do not use antispoofing. If antispoofing is applied, the firewall drops
reply packets because they are sourced from the same subnet.
Configuring VRRP
When you use the Check Point NGX SmartDashboard to configure the Gateway Cluster
properties of a VRRP pair that uses IPSO transparent mode, you must follow this procedure.