Table of Contents
Advertisement
4
Source
cluster-all-ips
Note
The object for VRRP is not the same as the gateway cluster object for HA. Accordingly, in
this example, the gateway cluster object is designated fwcluster-object.
Where:
cluster-all-ips
fwcluster-object
mcast-224.0.0.18
host.
Configuration Rules for Check Point NGX FP2 and Later
Locate the following rule above the Stealth Rule:
Source
Firewalls
fwcluster-object
Where:
Firewalls
fwcluster-object
mcast-224.0.0.18
Configuring Rules if You Are Using OSPF or DVMRP
All of the solutions in
Rules for Check Point NGX FP2 and Later"
If your appliances are running routing protocols such as OSPF and DVMRP, create new rules for
each multicast destination IP address.
Alternatively, you can create a Network object to represent all multicast network IP destinations
by using the following values:
Name:
IP:
Netmask:
You can use one rule for all multicast protocols you are willing to accept, as shown below:
200
Destination
fwcluster-object
mcast-224.0.0.18
is the Workstation object you created with all IPs.
is the Gateway Cluster object.
is a Workstation object with the IP address 224.0.0.18 and of the type
Destination
mcast-224.0.0.18
is a Simple Group object containing the firewall objects.
is the gateway cluster object.
is a Node Host object with the IP address 224.0.0.18.
"Configuration Rule for Check Point NGX FP1"
MCAST.NET
224.0.0.0
240.0.0.0
Service
vrrp
igmp
Service
vrrp
igmp
are applicable for any multicast destination.
Nokia Network Voyager for IPSO 4.0 Reference Guide
Action
Accept
Action
Accept
and
"Configuration
Advertisement
Table of Contents
Troubleshooting
