[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Helpful information for trouble shooting!!
We have had an interesting last couple of days. I am sending this out just in case some one else has ever had these problems. Problem #1: We made a change to a time object for one of our rules. Unbeknownst to me there is a known bug with CheckPoint that is "time objects over 21 characters cause the policy to blow up." If you see the following error message this is what we got originally when we made the change and attempted to push the policy: "/opt/CKPfw/tmp/local.ft", line 423: Multiple type for table are illegal Cannot get Security Policy from local: No such file or directory Problem #1 fix: Delete the object out of everything and then push the policy out. It works.... Problem #2: Opened up the GUI and look at the rule base and saw a temp fw policy that stated: any any any accept gateway Put a little scare in me at first. I did a file/open to look at one of the old files and did not see anything. Put a little bigger scare in me! Did not really know what was going on so I did a telnet into the management server to see if the real policy was still there, it was. Did an fwstop and fwstart but it did not seem to work. Called CheckPoint and this what I got, it worked and the person from CheckPoint was extremely helpful. (Kudo's to CheckPoint support for this one) Problem #2 fix: 1) telnet to management server 2) # cd $FWDIR/bin 3) # ./fwstop 4) # ./fwm -g [firewall policy name.W] 5) you should see: # Converting File '[firewall policy name.W' ... # Total of 1 files converted successfully. 6) # ./fwstart 7) Go back to the GUI and do a file/open. 8) You should see [firewall policy name] 9) Open it and push it out if you need to. 10) Your done!!!!! Hopefully this helps someone at some time. Thanks to all on the list who have helped me over the months..... Joseph L. Cosgriff Carolina Power and Light Firewall Administrator Work:Pager:Fax:Cell:[email protected] ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|