| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW1] objects.C same on mgmt server as fw module?
I have:
FW-1 v4.1 SP2 installed. Management Server on Solaris
7 machine and Firewall Module on separate Solaris 7
machine.
Is the objects.C file which one edits on the
Management Server supposed to propogate entirely to
the Firewall module? Or is the objects.C file which
exists on the separate Firewall module different, but
with some similar content? Are only some changes to
objects.C on the Management Server supposed to
propogate to the Firewall module or is any change to
the file on the Mgmt server supposed to propogate to
the FW?
In trying to track down the source of some problems
I'm experiencing, I've noticed that the objects.C file
on my Management Server has dramatically different
sections than my Firewall, and further that at least
some -- perhaps all -- recent changes I've been making
are not propogating from the Management Server to the
Firewall module.
Is this an indication of a problem? It wasn't until
later that I came across more complete instructions on
what to do prior to editing objects.C, so I did
corrupt objects.C initially on the Management Server,
but I caught the corruption, restored a prior copy of
objects.C on the Management Server and proceeded
again. It's possible the corruption propogated to the
Firewall module (since I had pushed policy before
catching the corruption) and I never caught it until
now.
If the objects.C file on my FW module is corrupted,
does anyone have suggestions for repairing it?
Is there a log file where I should look in to see
evidence of parsing errors, syntax errors, corruption
while reading in these configuration files?
Thanks in advance for your help.
Here are the general differences between the two
objects.C files I've observed:
* The FW module objects.c doesn't have anything in its
netobj() section except "menu_selection". So there is
no gateway object for the firewall itself as there is
in the Mgmt server. The Mgmt server has plenty of
content in this section.
* The FW module doesn't have any content in its
servers() section, whereas Mgmt does.
The props() section has the most differences.
* The undo_msg() addition I made exists on the Mgmt
server but not on the FW objects.C
* On the FW module, several options do not enclose
values in parenthesis, e.g.:
:domain_udp false
:domain_tcp false
:loopudp true
:looptcp true
:established true
:outgoing true
:icmpenable false
:ftpdata true
:ftppasv true
Is this considered a syntax error?
* FW has ftp_allowed_cmds() but Mgmt does not.
* Mgmt has content in the ipoptslog() section, whereas
FW does not.
* Mgmt server has:
:warn_install_pseudo_rules (false)
:fw1enable_p (first)
:desktop_password_expiry (15)
:desktop_cache_fwz_passwords (false)
:enable_ip_pool (true)
:anti_spoofing_warning (false)
:telnet_msg ()
:ftp_msg ()
:clnt_auth_msg ()
:rlogin_msg ()
:smtp_msg ()
:IPSEC_SPI_alloc_min (100)
:IPSEC_SPI_alloc_max (ffff)
But FW does not.
* FW has exportableskip (true), but Mgmt has
exportableskip (false)
* FW has no content in netobjadtr() whereas Mgmt does
have content.
* fwrand_seed1 and fwrand_seed2 contain different
values between the Mgmt and FW (probably to be
expected?)
* Mgmt server contains rand_session_done() and a
LOCALSIGN section as well as skip_encryption_methods
section, isakmp_sr_encryption_methods and other
encryption methods. FW module has none of those.
__________________________________________________
Do You Yahoo!?
Get Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
