net-harry
Collaborator

no_hide_services_ports

Hi,

I have a question about "no_hide_services_ports" located in the table.def files.

Besides the default ports we have added NTP, SNMP Trap, Syslog and RADIUS services to "no_hide_services_ports", so that the real IP is used instead of the virtual address for these protocols. Otherwise they do not work correctly on the standby cluster members.

no_hide_services_ports = { <4500, 17>, <500, 17>, <259, 17>, <1701, 17>, <5500, 17>, <123, 17>, <162, 17>, <514, 17>, <1812, 17>, <1813, 17> };


It seems strange that we need to modify the table.def files to achieve this and I wonder if we are perhaps missing a default setting that we for some reason have disabled.

Please note that we do not have "Accept outgoing packets originating from Gateway" defined in Global Properties.

We are running R80.20 take 183.

Thanks for your help!

Best regards,

Harry

0 Kudos
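
Added example, not part of the original post and not Check Point code: a small Python check that parses the `no_hide_services_ports` line from a table.def file, lists the entries that go beyond a baseline, and flags copies of the file that disagree with each other. It assumes the first five entries of the posted line are the "default ports" the post mentions; the function names and the `STOCK` copy are constructed for illustration.

```python
import re

# Assumption: the first five entries of the posted line are the "default ports"
# the post refers to; replace with the stock table.def of your own version.
BASELINE = {(4500, 17), (500, 17), (259, 17), (1701, 17), (5500, 17)}
# Labels only for the services the post names (IP protocol 17 = UDP).
NAMES = {(123, 17): "NTP", (162, 17): "SNMP trap", (514, 17): "Syslog",
         (1812, 17): "RADIUS", (1813, 17): "RADIUS"}

# The definition must start its line, so a copy prefixed by anything else is ignored.
TABLE_RE = re.compile(r"^[ \t]*no_hide_services_ports\s*=\s*\{(.*?)\}\s*;", re.S | re.M)
ENTRY_RE = re.compile(r"<\s*(\d+)\s*,\s*(\d+)\s*>")

def parse_no_hide(text):
    """Return the set of (port, ip_protocol) pairs in the definition."""
    m = TABLE_RE.search(text)
    if m is None:
        raise ValueError("no_hide_services_ports definition not found")
    body = m.group(1)
    # Anything left after removing well-formed entries and commas is a typo.
    leftover = ENTRY_RE.sub("", body).replace(",", "").strip()
    if leftover:
        raise ValueError(f"malformed entry near: {leftover!r}")
    return {(int(port), int(proto)) for port, proto in ENTRY_RE.findall(body)}

def audit(text, baseline=BASELINE):
    """Report entries added on top of the baseline and baseline entries missing."""
    entries = parse_no_hide(text)
    added = [(p, pr, NAMES.get((p, pr), "unlabelled"))
             for p, pr in sorted(entries - baseline)]
    return {"added": added, "missing": sorted(baseline - entries)}

def drifted(copies):
    """copies: {label: table.def text}. Labels whose set differs from the first copy."""
    labels = list(copies)
    ref = parse_no_hide(copies[labels[0]])
    return [label for label in labels[1:] if parse_no_hide(copies[label]) != ref]

# The line from the post, plus a constructed copy holding only the baseline entries.
POSTED = ("no_hide_services_ports = { <4500,17>, <500, 17>, <259, 17>, <1701, 17>, "
          "<5500, 17>, <123, 17>, <162, 17>, <514, 17>, <1812, 17>, <1813, 17> };")
STOCK = "no_hide_services_ports = { <4500,17>, <500, 17>, <259, 17>, <1701, 17>, <5500, 17> };"

if __name__ == "__main__":
    for port, proto, name in audit(POSTED)["added"]:
        print(f"non-baseline entry: port {port} proto {proto} ({name})")
    print("copies differing from the first:", drifted({"edited": POSTED, "stock": STOCK}))
```

Running the same check over every table.def copy that was edited by hand shows whether a copy has gone back to the baseline set.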
2 Replies
PhoneBoy
Admin

Possibly not having that setting enabled might be causing this.
It's also possible this is a bug and the TAC may need to be consulted.

0 Kudos
net-harry
Collaborator

Thanks for the information @PhoneBoy !

It would be interesting to know if other admins leave "Accept outgoing packets originating from Gateway" enabled. We try to explicitly allow only required traffic and also avoid using implied rules as much as possible. I would appreciate feedback from the community regarding this.

We will also open a TAC case to see if using the virtual IP for NTP, RADIUS, Syslog and SNMP trap is the expected behavior when "Accept outgoing packets originating from Gateway" is not checked.

Thanks for your help!

Best regards,

Harry

0 Kudos
