Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Adding new modules to management station - risks with Putkey?

To: <[email protected]>, <[email protected]>
Subject: Re: [FW1] Adding new modules to management station - risks with Putkey?
From: "David C. Diemer" <[email protected]>
Date: Fri, 13 Oct 2000 11:25:11 -0400
Sender: [email protected]

The fw putkey procedure has absolutely no impact on any other firewalls
in production.  It strictly enables the remote firewall module to communicate
with its management/master console.

Also, during the Nokia installation, there is a point when the installation
process will perform the fw putkey for you.  What remains is that you
perform the fw putkey on the management/master console, as well.  As
Lance Spitzner correctly points out (and is true through experience), make sure
you run an fwstop command on the management console BEFORE running
fw putkey -> remote firewall module.

Once the key exchange is completed, you may then push policies to the
remote firewall module and the remote firewall module will send logs to 
the master console.


David C. Diemer, CCSA, CNE
Enterprise Security Firewall Engineer
Georgia Department of Administrative Services (DOAS)
[email protected]>>> <[email protected]> 10/13/00 08:45AM >>>

Hi all.

Next week I'm going to have to introduce an additional two Nokia 650's into
our environment.  Whilst I'm happy with the day to day stuff, this will be
the first time I've installed brand new devices (other than in single g/w
configurations).

To interact with our existing management station, I understand that I will
need to go through the "fw putkey" procedure across all the firewall
modules to be managed (this will increase the number to eight).  My
question is in the event that this procedure does not go smoothly, what
could be the impact on the existing modules?  Presuambly they'd continue to
enforce their currently loaded policy, but logging and futher policy
fetches from the management station would fail until the password
synchronization was completed successfully?

I guess the question is, what could break, and what's the best way to
minimize the risk?

Regards




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html 
================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] SYN logging
Next by Date: RE: [FW1] NT talking with NBNAME to whole world?
Previous by thread: [FW1] VPNightmare #2
Next by thread: [FW1] Remote Access for Staff.
Index(es):
- Date
- Thread