VRRP duplicate VIP sourced from standby physical MAC

I am a Checkpoint noob (very familiar with PIX/ASA) just thrown into this thing with no vendor support, so I'm trying to grind my way through this but haven't been successful yet.

I'm running R62 with IPSO 4.2. I have four VRRP interfaces. 3 work fine. However, my internet-facing one has problems. Whenever I push the policy, traffic fails through the firewall and I see a log stating there is a duplicate IP. This IP is my VIP for the internet. It sees the VIP sourced from the physical MAC of the secondary firewall. When I push policy a second time, it works fine (but I still see the duplicate IP log message). Isn't VRRP supposed to source the Virtual IP from the virtual MAC?

I also have problems with a redirect rule. Port 80 is supposed to be denied and redirected to port 443. This works "intermittently." When it works, I see the packet hit the firewall and an immediate response and redirect. When it fails, I see the packet hit the firewall and "disappear," no response at all, just like the firewall dropped it, except I can't find any log detailing it ever hit the firewall. When this is not working, you can manually specify 443 and it works fine... so port 443 works all the time... redirect on port 80 works off and on.

Any suggestions/help is much appreciated. Thanks!