[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Adding new modules to management station - risks with Putkey?
The fw putkey procedure has absolutely no impact on any other firewalls in production. It strictly enables the remote firewall module to communicate with its management/master console. Also, during the Nokia installation, there is a point when the installation process will perform the fw putkey for you. What remains is that you perform the fw putkey on the management/master console, as well. As Lance Spitzner correctly points out (and is true through experience), make sure you run an fwstop command on the management console BEFORE running fw putkey -> remote firewall module. Once the key exchange is completed, you may then push policies to the remote firewall module and the remote firewall module will send logs to the master console. David C. Diemer, CCSA, CNE Enterprise Security Firewall Engineer Georgia Department of Administrative Services (DOAS) [email protected]>>> <[email protected]> 10/13/00 08:45AM >>> Hi all. Next week I'm going to have to introduce an additional two Nokia 650's into our environment. Whilst I'm happy with the day to day stuff, this will be the first time I've installed brand new devices (other than in single g/w configurations). To interact with our existing management station, I understand that I will need to go through the "fw putkey" procedure across all the firewall modules to be managed (this will increase the number to eight). My question is in the event that this procedure does not go smoothly, what could be the impact on the existing modules? Presuambly they'd continue to enforce their currently loaded policy, but logging and futher policy fetches from the management station would fail until the password synchronization was completed successfully? I guess the question is, what could break, and what's the best way to minimize the risk? Regards ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|