We have an extranet segment on our network that connects to several customer networks to allow secure access to our resources. These routers are not managed by us. We are upgrading our firewalls (Checkpoint running in load balancing mode) to a Checkpoint HVA pair. I was not around when the first pair was put in, but apparently a static ARP entry needed to be put in each of our 3rd party routers that mapped the VIP IP address on the firewalls to a multicast MAC address that the firewalls would respond to. In the HVA configuration, the need for this goes away. My problem is the inability to get the static ARP entries out of all of the 3rd party routers at the same time. This will be something that will have to happen over a few weeks. Keeping in mind that I have several NAT addresses on the firewall, is there a way to convert the multicast MAC address being used by the 3rd party routers to the unicast MAC address in use by the VIP on the firewalls?
So presumably the 3rd party routers ARPed for the firewall VIP MAC, the firewall responded and there was a problem so there had to be a static ARP entry... and this was a multicast MAC address 0x0100.5E...etc..? Seems strange, why do you think this had to be a multicast MAC address?
If you can't control the 3rd party routers I think you're going to struggle.
I wasn't around when the first firewalls were set up, but this is what I have been told. I have put up a sniffer and watched traffic going to several of my NAT addresses and they are using a multicast MAC as the destination MAC.
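
The sniffer observation above can be turned into a migration checklist. The following is an added example, not part of the original thread: it walks captured Ethernet frames and reports which source MACs (the 3rd party routers) still send traffic for a firewall VIP/NAT address to a multicast destination MAC, meaning their static ARP entry is still in place. The MAC and IP values are constructed from documentation ranges, and `stale_senders` and `_frame` are hypothetical helper names.

```python
import socket
import struct
from collections import defaultdict

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def is_group_mac(mac: bytes) -> bool:
    # I/G bit: least significant bit of the first octet set => multicast/broadcast
    return bool(mac[0] & 0x01)

def stale_senders(frames, firewall_ips):
    """Map source MAC -> firewall IPs it still reaches via a group destination MAC."""
    stale = defaultdict(set)
    for frame in frames:
        if len(frame) < 14:
            continue
        dst, src = frame[0:6], frame[6:12]
        (ethertype,) = struct.unpack("!H", frame[12:14])
        off = 14
        if ethertype == 0x8100 and len(frame) >= 18:  # skip one 802.1Q tag
            (ethertype,) = struct.unpack("!H", frame[16:18])
            off = 18
        if ethertype != 0x0800 or len(frame) < off + 20:
            continue  # not IPv4, or truncated header
        dst_ip = socket.inet_ntoa(frame[off + 16:off + 20])
        if dst_ip in firewall_ips and is_group_mac(dst):
            stale[mac_str(src)].add(dst_ip)
    return {mac: sorted(ips) for mac, ips in stale.items()}

def _frame(dst, src, dst_ip, vlan=None):
    # Build a constructed Ethernet + minimal IPv4 header for the sample below.
    eth = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan is not None:
        eth += struct.pack("!HH", 0x8100, vlan)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton("198.51.100.1"), socket.inet_aton(dst_ip))
    return eth + struct.pack("!H", 0x0800) + ip

# Constructed sample: documentation MACs/IPs, not values from the thread.
GROUP_MAC, VIP_MAC = "01:00:5e:90:10:01", "00:00:5e:00:53:fe"
SAMPLE = [
    _frame(GROUP_MAC, "00:00:5e:00:53:0a", "192.0.2.10"),            # router A, static entry
    _frame(GROUP_MAC, "00:00:5e:00:53:0a", "192.0.2.11"),            # router A, second NAT IP
    _frame(VIP_MAC, "00:00:5e:00:53:0b", "192.0.2.10"),              # router B, already unicast
    _frame(GROUP_MAC, "00:00:5e:00:53:0c", "192.0.2.10", vlan=20),   # router C, VLAN tagged
    _frame("01:00:5e:00:00:05", "00:00:5e:00:53:0b", "224.0.0.5"),   # genuine multicast, ignored
]

if __name__ == "__main__":
    for mac, ips in stale_senders(SAMPLE, {"192.0.2.10", "192.0.2.11"}).items():
        print(mac, "still uses a multicast destination MAC for", ", ".join(ips))
```

Run against frames exported from the extranet segment during the changeover; a router drops off the report once its static ARP entry is removed and it resolves the VIP to the unicast MAC.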