[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] New CheckPoint 4-1 Installation on Sun-E250
Stephanie, I didn't see that you received an answer on this. Is it still an issue? I haven't used CPHA, but I'll try and see what I can screw up for'ya. Well, anyways... I'll start with your question #2. It's always in your best interest to be working with the same version where possible. Any features/anomalies(e.g. bugs) that are present will generally appear in the same fashion. #1. The errors you've received are because your systems are unable to authenicate properly with each other. Redo your putkeys, making sure you use the interface(s) that the fw's and mgr communicate over. Did you get these systems working properly, before persuing the HA? See http://www.phoneboy.com/fw1/faq/0038.html, http://www.phoneboy.com/fw1/faq/0258.html and page 18 of the EntGS.pdf doc on the CP CD for some similar/more info. #3. This is like compiling programs. Don't attack the last error, go after the first and see what's happens on the next. You need to clear up the auth error. #4. cphaprob state (but I'm not sure on this one.) Robert >>> "Stephanie" <[email protected]> 12/8/00 9:07:04 AM >>> > >All- > >I recently installed CheckPoint VPN-1 & FireWall-1 version 4.1, build 41716 >on one firewall and installed CheckPoint VPN-1 & FireWall-1 >version 4.1, build 41489 on the other firewall. HA will be running between >these two firewalls. The management station (NT) is running version >4.1, build 41484. I tried to install a security policy from the management >station to each firewall but the installation failed. I received the >following error messages: > >"Downloading Security Policy /opt/CPfw1-41/conf/<file name>.pf to MyFW1" >"Authentication for command load failed" >"Failed to Download Security Policy on MyFW1: Unauthorized action. >Installing Security Policy on MyFW1 failed" > >Questions: >---------- >1. What do these error messages mean? > >2. Is it necessary to have the same build version on both firewalls and the >management station? If so, what's the difference between builds > 41716, 41489, and 41484? > >3. How can I tell if HA is running and working between these two firewalls? >I get the following output from running "fw hastat" on each > firewall: > > HOST NUMBER HIGH AVAILABILITY STATE >MACHINE STATUS > MyFW1 - localhost 2 not active >initializing > HOST NUMBER HIGH AVAILABILITY STATE >MACHINE STATUS > MyFW2 - localhost 1 active >initializing > >4. How can I look at State information being passed between these two >firewalls? I don't think HA is working between them. > >TIA, >Stephanie - - Robert P. MacDonald, Network Engineer Team Lead, e-Business Infrastructure G o r d o n F o o d S e r v i c e Voice:email: [email protected] ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|