Create a Post
Showing results for 
Search instead for 
Did you mean: 

VRRP VIP is not responding.

I have configured VRRP cluster on R77.30. fw virtual ip addresses are in primary and the fw2 is in backup state. I used virtual IPs as the default gateway. Packets are allowed through the firewall but VIP is not responding to any packets. No logs in smartview tracker. I can log in from the same client to firewalls using firewall interface IP. I ran Wireshark on pc and I can see that pc is sending packets to firewall's vrrp ip. However, when I ran tcpdump I could not see any packet. Could you please assist.

one more question too:  I have configured 3 VIPs. I can see that firewall is sending ccp packets on those interfaces too. not just sync interface. Is it normal behaviour? if so, is it secure?

2 Replies

I see that you posted a message about VRRP earlier, then deleted it.

It would be interesting to understand why you ran into that specific issue with VRRP and "local address spoofing."

Generally speaking you do not connect to the VIP, but through it (e.g. as a next hop).

For what reason do you wish to connect to the VIP?

CCP packets on all interfaces is normal and is part of ClusterXL.

Yes, you're using VRRP, but parts of ClusterXL are still used (e.g. for sync).

These packets are unencrypted, but they should only visible on the local subnet.

0 Kudos

A number of questions:

  • did you enable Cluster membership in cpconfig?
  • what do you see as state when you run cphaprob stat?
  • do you see the VIP's when you do a show vrrp interfaces
  • do you see  the MAC address from the previous command when you ping the VIP from a machine on the network connected to the gateway and do a arp -an
  • What is the reason that you say it is not responding on the VIP?
Regards, Maarten


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events