
[FW1] Helpful information for trouble shooting!!




We have had an interesting last couple of days.  I am sending this out just
in case someone else has ever had these problems.

Problem #1:
We made a change to a time object for one of our rules.  Unbeknownst to me
there is a known bug with CheckPoint that is "time objects over 21
characters cause the policy to blow up."  If you see the following error
message this is what we got originally when we made the change and attempted
to push the policy:

"/opt/CKPfw/tmp/local.ft", line 423: Multiple type for table are illegal
Cannot get Security Policy from local: No such file or directory

Problem #1 fix:
Delete the object out of everything and then push the policy out.  It
works....

Problem #2:
Opened up the GUI and looked at the rule base and saw a temp fw policy that
stated:
any any any accept gateway
Put a little scare in me at first.  I did a file/open to look at one of the
old files and did not see anything.  Put a little bigger scare in me!
Did not really know what was going on so I did a telnet into the management
server to see if the real policy was still there, it was.  Did an fwstop and
fwstart but it did not seem to work.  Called CheckPoint and this is what I got,
it worked and the person from CheckPoint was extremely helpful.  (Kudos to
CheckPoint support for this one)

Problem #2 fix:
1)  telnet to management server
2)  # cd $FWDIR/bin
3)  # ./fwstop
4)  # ./fwm -g [firewall policy name.W]
5)  you should see:
    #	Converting File '[firewall policy name.W]' ...
    #	Total of 1 files converted successfully.
6)  # ./fwstart
7)  Go back to the GUI and do a file/open.
8)  You should see [firewall policy name]
9)  Open it and push it out if you need to.
10) You're done!!!!!

Hopefully this helps someone at some time.  Thanks to all on the list who
have helped me over the months.....

Joseph L. Cosgriff
Carolina Power and Light
Firewall Administrator