Re: [FW-1] Pings between cluster members

[Gildas Coutansais [Permanent Link]]

HI,
When I was in checkpoint formation, We have seen there was a lot of ICMP paquet 
between the ClusterXL's members.
In VRRP nokia cluster, I have never seen this.

If you use the Implied Rules, ICMP can be allow without you see it.

Regards,
Gildas


-----Message d'origine-----
De : GoddardM AT SCHNEIDER DOT COM [mailto:GoddardM AT SCHNEIDER DOT COM]
Envoyé : jeudi 26 août 2004 15:53
À : FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Objet : Re: [FW-1] Pings between cluster members


This is interesting to me; what type of Cluster are you running and in what
configuration? We have several ClusterXL clusters and did not have to
create any rule for ICMP. Then again, ClusterXL uses CCP which uses UDP.
I'd be interested to know more about the cluster software you are running,
of all the software I know of (Stonebeat, Rainfinity, Nokia VRRP, etc).

-Matt



|---------+-------------------------------------------->
|         |           Salomé Reíllo <sreillo AT SISTEL DOT ES>|
|         |           Sent by: Mailing list for        |
|         |           discussion of Firewall-1         |
|         |           <FW-1-MAILINGLIST AT AMADEUS.US DOT CHEC|
|         |           KPOINT.COM>                      |
|         |                                            |
|         |                                            |
|         |           08/26/2004 12:59 AM              |
|         |           Please respond to Mailing list   |
|         |           for discussion of Firewall-1     |
|         |                                            |
|---------+-------------------------------------------->
  
>----------------------------------------------------------------------------------------------|
  |                                                                             
                 |
  |       To:       FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM           
                        |
  |       cc:                                                                   
                 |
  |       Subject:  Re: [FW-1] Pings between cluster members                    
                 |
  
>----------------------------------------------------------------------------------------------|




Thanks very much. I knew what ICMP packets were, but I was asking about the
use of this packets between the members of a cluster (about the use of ICMP
packets in that case). I wanted to know the need of this packets because I
had to add a specific rule to permit this traffic in order to avoid dropped
packets.

Thanks in advance.
----- Original Message -----
From: "Jerry Eblin" <Jerry.Eblin AT RRSC DOT COM>
To: <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
Sent: Wednesday, August 25, 2004 6:53 PM
Subject: Re: [FW-1] Pings between cluster members


> ICMP (internet control message protocol) packets are used for a variety
of
> reasons. Normally they include messages or queries regarding the
operation
> of a network. Some of the more used types of ICMP packets are as follows:
>
> ICMP requests:                happens when you "ping" an IP address
>
> ICMP replies:                 is the response generated by the
destination
> address in response to an ICMP request
>
> Destination Unreachable:      is the response generated by the end
> gateway/router/etc when the network/host  you are trying to reach is
> unavailable
>
>
> If you do a search for RFC792, you can get more information on the types
of
> packets used in an ICMP packet. I hope this helps you.
>
>
>
>
>              Salomé Reíllo
>              <sreillo AT SISTEL DOT E
>              S>
To
>              Sent by: Mailing
FW-1-MAILINGLIST AT AMADEUS.US DOT CHECKPO
>              list for                  INT.COM
>              discussion of
cc
>              Firewall-1
>              <FW-1-MAILINGLIST
Subject
>              @AMADEUS.US.CHECK         [FW-1] Pings between cluster
>              POINT.COM>                members
>
>
>              08/24/2004 04:36
>              AM
>
>
>              Please respond to
>              Mailing list for
>                discussion of
>                 Firewall-1
>              <FW-1-MAILINGLIST
>              @AMADEUS.US.CHECK
>                 POINT.COM>
>
>
>
>
>
>
> Hi everybody. Does anyone know why I am having ICMP packets between
cluster
> members. I have had to add a rule to permit ICMP packets between members
> cluster in order to have the cluster working. Do you know why it is
> happening this?
> What are this ICMP packets used for?
>
> Thanks in advance.
>
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================