RE: [FW1] 4.1-SP2 Management Server problem
Hi,

I'm not sure how to debug the firewall, but here are the steps that I would take and that have worked several times:

* Ensure that DNS resolves FWb on FWb and the External Address of the management module to the object names
* Stop the management station
* Stop the FW module on FWb
* Do 'fw putkey <ext. IP of FWb>' on the management station (then enter the secret key)
* On FWb, do 'fw putkey <int IP of mgmt> <ext IP of management>'
* Start management module
* Start FWb module
* In the 'masters' file on FWb, make sure you have the ext. IP address (or host name) of the management module and the internal address of the management module

I hope this is of some use.

regards,
simon

-----Original Message-----
From: Roelandts, Guy [mailto:[email protected]]
Sent: 18 February 2001 19:53
To: '[email protected]'
Subject: [FW1] 4.1-SP2 Management Server problem

Hi all,

I am currently facing a problem with a new installation. I have a Management Server sitting behind a Firewall, let's call them MGMT and FWa; this management server also serves another Firewall, let's call it FWb. Between MGMT and FWa everything works fine, and FWb can fetch its security policy from MGMT, but MGMT fails to push the security policy to FWb. I get the message: Authentication failed for command load.

I am almost 100% sure this is a key issue, because when I disable the authentication by modifying the control.map, everything works fine. I have done, re-done and re-done again the putkeys on both MGMT and FWb ... but it still fails. I have read quite a few postings from the CheckPoint support site, from this mailing list's archives and also from the Phoneboy site ... but still have problems.

I have re-installed the Firewall from scratch and removed the keys on both systems by editing the authkeys.C files. I have removed the client from the clients file of MGMT and removed the management server from the masters file on FWb.

One last thing that might be important: MGMT is NATted, statically of course.

Three questions:

1. Is there a way to debug this? I know you can fw fetch -d, but is there a way to do it the other way in debug mode?
2. Just to be sure, what is the exact syntax of the fw putkey command to use on both systems? I found several different ones.
3. Is there a place on either MGMT or FWb where I could look for a hint? An error?

Met vriendelijke groeten - Bien à vous - Kind regards

Guy ROELANDTS
Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options 3 - 3 - 1)
Fax: +32(02)729.77.65

================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================