[FW1] Sec Policy download : Authentication failures
Hi all,

I am facing a problem with regard to authentication. I have read quite a few entries on Phoneboy and some from other knowledge bases, but am not able to find what goes wrong.

The problem: A remotely managed Firewall is not able to fetch its security policy from a Management Server, nor is the Management Server able to download the Security Policy to the Firewall module.

Configuration: Fw-A is ... let's say 1.1.1.1 on the outside and 2.1.1.1 on the inside. Behind Fw-A I have my Management Server with address 2.1.2.2, which I NAT to, let's say, 1.1.1.2. It may be important to say that this means that Fw-A internal and Mgmt Srv have a router between them. Fw-B has IP address 3.1.1.1.

Hardware:
Firewalls are Nokias ... IPSO 3.3 + fw-1/vpn-1 V4.1-SP2
Mgmt Srv: Win NT 4.0 + Fw-1/vpn-1 V4.1-SP2

When I try to fw fetch 1.1.1.2 from Fw-B, I get the Authentication Failed message, which means that Fw-B could talk to my Management Server. What's strange is that if I do a fw fetch -d ... is that I will use fwa1 authentication method but my peer is 2.1.2.2 and not 1.1.1.2; my masters file on this Firewall contains 1.1.1.2.

When I try to download my security policy from the management server, I get a download failed + unauthorized action (I checked the Phoneboy FAQs 189 and 38, but they don't seem to help).

I have defined in the hosts file the Fw-A - Fw-B - Mgmt Srv - Mgmt Srv Nat.

Lastly, Fw-B and Fw-A are defined in the clients file.

I tried to reconfigure the Firewall, remove and add the clients, rebooted ... I don't know what to do anymore.

Thank you for any advice/experience you may have/had.

Met vriendelijke groeten - Bien à vous - Kind regards

Guy ROELANDTS
Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options 3 - 3 - 1)
Fax: +32(02)729.77.65