NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Warning: Cannot get address...



Hi list!
 We have a problem with a distributed FW-1 installation consisting of 2 FW-1
modules and a manager (NT4.0). In the original constallation there only was one
module. Compilation and Installation of the rulebase (including NAT, Auth and
Encryption rules) went on quickly and without problems. After creating the
second FW-1 object and a separate rulebase for the second module (also
including NAT rules) none of the two rulebases installs properly. Installing
takes a very long time and we get the following warnings:   

___WARNING_____  
fw-module1.W: Security Policy Script generated into fw-module1.pf 
fw-module1:
"C:\WINNT\FW1\4.1\conf\fw-module1.pf", line 4337: WARNING: cannot get address
of host <fw-module2> 
"C:\WINNT\FW1\4.1\conf\fw-module1.pf", line 4337: WARNING: will not create a 
value table for <target_list63>  
Compiled OK.   

Downloading Security Policy C:\WINNT\FW1\4.1\conf\fw-module1.pf to fw-module1  
Downloading to fw-module1 succeeded 

Installing Security Policy C:\WINNT\FW1\4.1\conf\fw-module1.pf on
all.all@fw-module1  Host fw-module1 did not complete
Installation (connection timeout)
installing Security Policy on fw-module1 failed
 
Done.                               

___WARNING_____   


The warning "cannot get addres.." always refers to the
module the rulebase is not currently being installed on. Although there is a
connection timout and the message "Installing ... failed"  the rulebase seems
to be active on the module. Trying to fetch the Security Policy directly from
the module also takes a very long time to complete.   We get a similar warning
when installing the other module´s policy.  

Is it necessary for the modules to "know" each other?        

This Problem does not occur if we add routing entries so that the two modules
can contact each other over their internal interfaces. It seems not to be
sufficient for the modules to see each other over the external default
gateways.     

Thanks in advance!

Max


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.