[mcnallym]

Just how will encrypting the VRRP password prevent an internal attack?

The only option I have seen is a simple password which is clear text, or no authentication at all, and as Nokia say the password doesn't prevent people from going master-master environment anyway so really no point having a password for the vrrp anyway.

As the check point software will require any vrrp updates to be allowed by the security policy then to compromise the vrrp then they will already have to have compromised the Check Point SMARTCenter login, and if they have done that then the VRRP is the least of your worries as they can do whatever they want to the security policy anyway.