• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

TMG and Firewall-1 CCP broadcasts

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> TMG and Firewall-1 CCP broadcasts Page: [1]
Login
Message << Older Topic   Newer Topic >>
TMG and Firewall-1 CCP broadcasts - 2.Feb.2012 12:23:39 PM   
Rievax

 

Posts: 50
Joined: 13.Oct.2004
Status: offline
Hello Guys,

Using TMG2010 as a back-end firewall with a couple of some CheckPoint Firewall-1 applicances in the front. Those Firewall-1 units are using a Cluster Control Protocol to communicate:

http://updates.checkpoint.com/fileserver/SOURCE/direct/ID/5990/FILE/sk31085_Cluster_Control_Protocol_Functionality.pdf
--------------------------------------
CCP Transmission
Non-Secured Interfaces
For interfaces not defined as secured (non synchronization interfaces), CCP transmits it's packets by default with layer two multicast. The addressable fields are as follows:
Source MAC - 00:00:00:00:fe:<Source Machine ID>
Source IP - 0.0.0.0
Destination MAC - 01:00:5e:<cluster IP concatenation of bits 9-24>
Destination IP - network broadcast address
--------------------------------------

On the TMG side, I have IP Spoofing alerts, and then Denied Connections alert because of this broadcast from 0.0.0.0. There is absolutely nothing that can be done on the Firewall-1 side according to the administrator.
I was not seeing those messages and log entries under ISA 2004, but TMG 2010 is definitly not ignoring that!
Is there a way to make it ignore and not log this?

Thank you!
X.

< Message edited by Rievax -- 2.Feb.2012 12:25:19 PM >
Post #: 1
RE: TMG and Firewall-1 CCP broadcasts - 6.May2012 7:50:46 PM   
ilv2proxy

 

Posts: 1
Joined: 6.May2012
Status: offline
Hey we have the exact same issue had any luck stopping ISA from logging these drops? I am getting about 1.6Gb a day in my logs and cannot stop it.

(in reply to Rievax)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> TMG and Firewall-1 CCP broadcasts Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts