200 Nokia Network Voyager for IPSO 4.0 Reference Guide
Note
The object for VRRP is not the same as the gateway cluster object for HA. Accordingly, in
this example, the gateway cluster object is designated fwcluster-object.
Source             Destination         Service    Action
cluster-all-ips    mcast-224.0.0.18    vrrp       Accept
fwcluster-object                       igmp

Where:
cluster-all-ips is the Workstation object you created with all IPs.
fwcluster-object is the Gateway Cluster object.
mcast-224.0.0.18 is a Workstation object with the IP address 224.0.0.18 and of the type host.
Configuration Rules for Check Point NGX FP2 and Later
Locate the following rule above the Stealth Rule:

Source             Destination         Service    Action
Firewalls          mcast-224.0.0.18    vrrp       Accept
fwcluster-object                       igmp

Where:
Firewalls is a Simple Group object containing the firewall objects.
fwcluster-object is the gateway cluster object.
mcast-224.0.0.18 is a Node Host object with the IP address 224.0.0.18.
Configuring Rules if You Are Using OSPF or DVMRP
All of the solutions in “Configuration Rule for Check Point NGX FP1” and “Configuration
Rules for Check Point NGX FP2 and Later” are applicable for any multicast destination.
If your appliances are running routing protocols such as OSPF and DVMRP, create new rules for
each multicast destination IP address.
Alternatively, you can create a Network object to represent all multicast network IP destinations
by using the following values:
Name: MCAST.NET
IP: 224.0.0.0
Netmask: 240.0.0.0
You can use one rule for all multicast protocols you are willing to accept, as shown below:
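The following Python model is an added example, not part of the Nokia guide and not the rule table the guide refers to: it compares the VRRP-only rule, one rule per multicast destination, and a single rule on the MCAST.NET object against constructed packets. The member addresses, the sample packets, the default drop, and the choice of 224.0.0.5/224.0.0.6 (OSPF) and 224.0.0.4 (DVMRP) as per-destination groups are assumptions made for the example.

```python
import ipaddress

# Network object from the page: MCAST.NET, IP 224.0.0.0, netmask 240.0.0.0.
MCAST_NET = ipaddress.ip_network("224.0.0.0/240.0.0.0")

# Constructed member addresses standing in for cluster-all-ips / Firewalls.
CLUSTER_IPS = {ipaddress.ip_address(a) for a in ("192.0.2.1", "192.0.2.2")}

# IP protocol numbers: IGMP is 2 (DVMRP is carried in IGMP), OSPF 89, VRRP 112.
PROTO = {"igmp": 2, "ospf": 89, "vrrp": 112}


def rule(dst, *services):
    """One Accept rule: cluster sources -> dst network, listed services."""
    return ipaddress.ip_network(dst), {PROTO[s] for s in services}


def decide(rules, src, dst, service):
    """First match accepts; unmatched traffic is dropped (assumed to stand
    in for the Stealth Rule and anything below it)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for net, protos in rules:
        if src in CLUSTER_IPS and dst in net and PROTO[service] in protos:
            return "accept"
    return "drop"


RULESETS = {
    "vrrp-only": [rule("224.0.0.18", "vrrp", "igmp")],
    "per-destination": [rule("224.0.0.18", "vrrp", "igmp"), rule("224.0.0.5", "ospf"),
                        rule("224.0.0.6", "ospf"), rule("224.0.0.4", "igmp")],
    "MCAST.NET": [rule(str(MCAST_NET), "vrrp", "igmp", "ospf")],
}

# Constructed sample packets: (label, source, destination, service).
PACKETS = [
    ("VRRP advertisement", "192.0.2.1", "224.0.0.18", "vrrp"),
    ("OSPF hello", "192.0.2.1", "224.0.0.5", "ospf"),
    ("DVMRP probe", "192.0.2.2", "224.0.0.4", "igmp"),
    ("IGMP to other group", "192.0.2.2", "239.1.2.3", "igmp"),
    ("VRRP from non-member", "198.51.100.7", "224.0.0.18", "vrrp"),
]


def compare():
    """Decision of every rule set for every sample packet."""
    return {label: {name: decide(rs, src, dst, svc) for name, rs in RULESETS.items()}
            for label, src, dst, svc in PACKETS}


if __name__ == "__main__":
    for label, verdicts in compare().items():
        print(f"{label:22} {verdicts}")
```

The single MCAST.NET rule is the only one that accepts the IGMP packet to 239.1.2.3, because the object spans 224.0.0.0 through 239.255.255.255; per-destination rules keep the accepted set limited to the groups the routing protocols actually use.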