NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Nokia VPN


Hey Joel

Thanks for responding. I forgot to mention about the license. The old license is gone and it only shows one. As far as I can tell everything is the same as what we were given. Now I guess there could be a feature that we need and they didn't give us in the license. I can check that out on Monday with the folks at checkpoint.
Yes the Ip address is correct in the gui_clients file. Everything that I can see looking around at the IPSO level and the voyager all the IPs are the new one, but I'm figuring there is some place I missed looking in the IPSO.
rant
I want to know why they didn't add pg to IPSO. I really find doing a cat file |more very annoying, when I could just do pg file and have the same results. /rant

Thanks for the suggestions. I'll check out the license features to see if that might help.

cee

Date: Sat, 24 Feb 2001 17:59:14 -0500
To: Camille Edge <[email protected]>
From: Joel Turoff <[email protected]>
Subject: Re: [FW1] Nokia VPN

Camille:

If you do an fw printlic, does it just report one license, or is the old
license still present.  I've seen licenses get installed and conflict with
the old license, so whenever I install a new license over an old one, I use
the -overwrite switch to make sure that the new license overwrites any
existing licenses.

Also, when you print out the license information, make sure that all the
correct features are there - perhaps your missing a feature that is
preventing your gui from connecting.

Make sure that you have the IP address of your policy editor workstation in
the $FWDIR/conf/gui-clients file or it won't be permitted to connect.
Also, using the other gui's, make sure that the network objects are correct
and reflect the new IP addresses.

Hope this helps.

Joel

At 07:41 PM 2/24/01 -0500, you wrote:


Hi all

I'm hoping someone here can help me.  I have a Nokia box that we had
started the process of getting setup including giving IPs and such
and setup a rule base.  We even got to test it out a bit and were
ready to bring it on line.  The problem came up when our ISP stopped
providing DSL service.  Since that time we have gotten a new ISP and
are trying to get the Nokia setup with all their IP information.

We can connect to it using hyperterminal and make changes using
cpconfig.  We can also connect using the web gui (Voyager) and make
changes there as well.  But in the new IP address info and such.
However, when we try to connect to it via the policy editor gui to
give it a new policy with new objects and such, the policy editor
doesn't connect.

We have installed a new license with the new IP address.
We cleared out the old info in $FWDIR/database/fwd.h & fwd.hosts so
that the old IP aren't there when you run fw lichosts command.
We did try running the fw unload of the policy, but still can't
access the nokia via the policy editor gui to make any rule changes.
We cleared out the $FWDIR/state directory as well of all the local.*
files 
It can resolve it's name ok and there is nothing old still in the arp
table.  The etc/host file is correct.
The DNS servers are also updated to the new ISP info.
One thing I noticed was the $FWDIR/conf/sync.conf file was empty so
we added the gui ip to it.  The $FWDIR/conf/gui_clients file was also
empty even though we had entered/applied/saved this info via voyager.
Also ran fwm and added a user that can make changes since none were
listed.
The Nokia box has been rebooted several times.  We have also run
fwstop and fwstart as well.

Also if I look in the log files, the message "cannot locate my
network object" keeps appearing.  I'm thinking that even though we
have made the Ip changes, there is still some place the info is
stored.  But for the life of me I can't find it.  Any suggestions
would be helpful.  I did look at
<http://www.phoneboy.com/fw1/faq/0178.html> which talks about this
problem but doesn't tell how to change if the Gui isn't working.  I
also noticed when searching <http://msg.SecurePoint.com> that it
suggested if you can't access it via the gui then "Accept FW1 Control
connection" might be turned off.  I looked all over via voyager and
couldn't find this anywhere.  Does anyone know if this might be the
problem and where I check?

Sorry this is so long but I wanted to give as much info as I could
that someone might ask.
Any help you can give would be great.  I've searched phoneboy,
checkpoint, securepoint, yahoogroups, nokia and a few other websites
I can't remember trying to find out more info, but nothing seems to
work.  I'm thinking the only thing left is to figure out how to blow
away the all the config info and start again, but not sure how to do
that.  Of course that is my last resort so I thought I'd ask you guys
first.

Thanks

cee 


================================================================================
    To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
================================================================================


  
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.