[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] objects.C same on mgmt server as fw module?
I have: FW-1 v4.1 SP2 installed. Management Server on Solaris 7 machine and Firewall Module on separate Solaris 7 machine. Is the objects.C file which one edits on the Management Server supposed to propogate entirely to the Firewall module? Or is the objects.C file which exists on the separate Firewall module different, but with some similar content? Are only some changes to objects.C on the Management Server supposed to propogate to the Firewall module or is any change to the file on the Mgmt server supposed to propogate to the FW? In trying to track down the source of some problems I'm experiencing, I've noticed that the objects.C file on my Management Server has dramatically different sections than my Firewall, and further that at least some -- perhaps all -- recent changes I've been making are not propogating from the Management Server to the Firewall module. Is this an indication of a problem? It wasn't until later that I came across more complete instructions on what to do prior to editing objects.C, so I did corrupt objects.C initially on the Management Server, but I caught the corruption, restored a prior copy of objects.C on the Management Server and proceeded again. It's possible the corruption propogated to the Firewall module (since I had pushed policy before catching the corruption) and I never caught it until now. If the objects.C file on my FW module is corrupted, does anyone have suggestions for repairing it? Is there a log file where I should look in to see evidence of parsing errors, syntax errors, corruption while reading in these configuration files? Thanks in advance for your help. Here are the general differences between the two objects.C files I've observed: * The FW module objects.c doesn't have anything in its netobj() section except "menu_selection". So there is no gateway object for the firewall itself as there is in the Mgmt server. The Mgmt server has plenty of content in this section. * The FW module doesn't have any content in its servers() section, whereas Mgmt does. The props() section has the most differences. * The undo_msg() addition I made exists on the Mgmt server but not on the FW objects.C * On the FW module, several options do not enclose values in parenthesis, e.g.: :domain_udp false :domain_tcp false :loopudp true :looptcp true :established true :outgoing true :icmpenable false :ftpdata true :ftppasv true Is this considered a syntax error? * FW has ftp_allowed_cmds() but Mgmt does not. * Mgmt has content in the ipoptslog() section, whereas FW does not. * Mgmt server has: :warn_install_pseudo_rules (false) :fw1enable_p (first) :desktop_password_expiry (15) :desktop_cache_fwz_passwords (false) :enable_ip_pool (true) :anti_spoofing_warning (false) :telnet_msg () :ftp_msg () :clnt_auth_msg () :rlogin_msg () :smtp_msg () :IPSEC_SPI_alloc_min (100) :IPSEC_SPI_alloc_max (ffff) But FW does not. * FW has exportableskip (true), but Mgmt has exportableskip (false) * FW has no content in netobjadtr() whereas Mgmt does have content. * fwrand_seed1 and fwrand_seed2 contain different values between the Mgmt and FW (probably to be expected?) * Mgmt server contains rand_session_done() and a LOCALSIGN section as well as skip_encryption_methods section, isakmp_sr_encryption_methods and other encryption methods. FW module has none of those. __________________________________________________ Do You Yahoo!? Get Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|