Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Checkpoint Management Station

To: "'Mathias Wittwer'" <[email protected]>
Subject: RE: [FW1] Checkpoint Management Station
From: "Frost, Timothy E" <[email protected]>
Date: Fri, 26 Jan 2001 14:13:18 +1300
Cc: "'[email protected]'" <[email protected]>
Sender: [email protected]

Mathias,

Unauthorized action means that you haven't set a shared secret, using fw
putkeys.

On SGGW, run
	fw putkeys  <IP Addresses of HKGW>

and on HKGW, run
	fw putkeys <IP Addresses of SGGW>

And enter the shared key at the prompts

(You can pass it as a parameter on the command line, using '-p secret' )

This is necessary for remote modules, and not for the local module.

Tim

-- 
Timothy Frost			mailto:[email protected]
EDS New Zealand			Fax: +64-4-495-0473
8 Gilmer Terrace		Phone: +64-4-495-0504
P O Box 3647
Wellington
New Zealand


-----Original Message-----
From: Mathias Wittwer [mailto:[email protected]]
Sent: Friday, January 26, 2001 11:35 AM
To: '[email protected]'
Cc: 'Matthias Leu'
Subject: [FW1] Checkpoint Management Station



Hi ALL

Now I am completely confused...

CPoint Enterprise FW1sp2 is installed on all Nokia IP330/IP440 boxes. As you
said(?), the enterprise edition has a integrated Management Station. Does
that mean I am able to use one FW1 as my Management Station, modify with a
GUI client my role bases/objects ect. and role it out to all other FW1s?

If that is the case, what could I do wrong that I get a messages saying:

Test Environment:

Connected with GUI client to SGGW and try to write back the policy..

SGGW                  HKGW
FW1 ------------------ FW2
Management Station


Standard.W: Security Policy Script generated into Standard.pf
Standard:
Compiled OK.

Downloading...

Downloading Security Policy
/opt/pkg/FireWall-1-strong.v4.1.SP-2.ipso-3.3.F/conf/Standard.pf to HKGW
Authentication for command load failed
Failed to Download Security Policy on HKGW: Unauthorized action
Installing Security Policy on HKGW failed

Downloading Security Policy
/opt/pkg/FireWall-1-strong.v4.1.SP-2.ipso-3.3.F/conf/Standard.pf to
localhost(SGGW)
Downloading on localhost(SGGW) succeeded

Installing...

Installing Security Policy Standard on all.all@sggw
Installing Security Policy on localhost(SGGW) succeeded 

Thanks a lot!

Matt


-----Original Message-----
From: Matthias Leu [mailto:[email protected]]
Sent: Friday, 26 January 2001 7:52 a.m.
To: Alex
Cc: Mathias Wittwer
Subject: Re: [FW1] CP 4.1 Enterprise Management Station, any benefits?


Hi Alex,
never thought about managing external FW as service or so.
I understood the question of Mathias in this way: What's the benefit of a
separate or
second management-station in comparison with managing my (!) firewalls with
one
mangement-station. I surely know about the licensing issues and Provider-1.
Best regards
Matthias



Alex wrote:

> Mathias,
>
> You should think twice about licensing , before you get into functionality
and
> technical issues. According to CheckPoint, your Enterprise license is only
good for
> use within your company - you are NOT (legally) supposed to manage any
Firewalls not
> licensed under your company name ... If you want to manage Firewalls of
your clients
> or any other "outside" Firewall - you have to purchase Provider-1 ...
> Also, if you have Nokia boxes in HA configuration, you need to use
enterprise
> management license.
>
> Alex
>
> Matthias Leu wrote:
>
> > Hi,
> > it's an additional management-station, one is included in the FW-product
itself.
> > Some companies use two (or more) for fail-over reasons. The traffic is
logged
> > duplicate (as well as the alarms generated).
> > Best regards
> > Matthias
> >
> > Mathias Wittwer wrote:
> >
> > > Hi All
> > >
> > > Could somebody explain me in a few sentences, why I should spend
12000US$
> > > for a enterprise management Station? I do have at the moment 12 CP4.1
> > > firewalls running (NT4,Nokia IP330, IP440) in a mixed environment
(Company
> > > Network, ClientA, ClientB with 6 Nokia boxes)
> > >
> > > Benefits?
> > > Any URL available?
> > >
> > > Thanks a lot!
> > >
> > > Matt
> > >
> > >
============================================================================
====
> > >      To unsubscribe from this mailing list, please see the
instructions at
> > >                http://www.checkpoint.com/services/mailing.html
> > >
============================================================================
====


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Web Surfing Authentication using NT Domains
Next by Date: RE: [FW1] Web Surfing Authentication using NT Domains
Previous by thread: [FW1] Checkpoint Management Station
Next by thread: [FW1] Checkpoint 2000 = 4.1?
Index(es):
- Date
- Thread