NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Warning: Cannot get address...



Have you installed SNMP agent ?

----- Original Message -----
From: itpro <[email protected]>
To: <[email protected]>
Sent: 08 March 2001 17:32
Subject: [FW1] Warning: Cannot get address...



Hi list!
 We have a problem with a distributed FW-1 installation consisting of 2 FW-1
modules and a manager (NT4.0). In the original constallation there only was
one
module. Compilation and Installation of the rulebase (including NAT, Auth
and
Encryption rules) went on quickly and without problems. After creating the
second FW-1 object and a separate rulebase for the second module (also
including NAT rules) none of the two rulebases installs properly. Installing
takes a very long time and we get the following warnings:

___WARNING_____
fw-module1.W: Security Policy Script generated into fw-module1.pf
fw-module1:
"C:\WINNT\FW1\4.1\conf\fw-module1.pf", line 4337: WARNING: cannot get
address
of host <fw-module2>
"C:\WINNT\FW1\4.1\conf\fw-module1.pf", line 4337: WARNING: will not create a
value table for <target_list63>
Compiled OK.

Downloading Security Policy C:\WINNT\FW1\4.1\conf\fw-module1.pf to
fw-module1
Downloading to fw-module1 succeeded

Installing Security Policy C:\WINNT\FW1\4.1\conf\fw-module1.pf on
all.all@fw-module1  Host fw-module1 did not complete
Installation (connection timeout)
installing Security Policy on fw-module1 failed

Done.

___WARNING_____


The warning "cannot get addres.." always refers to the
module the rulebase is not currently being installed on. Although there is a
connection timout and the message "Installing ... failed"  the rulebase
seems
to be active on the module. Trying to fetch the Security Policy directly
from
the module also takes a very long time to complete.   We get a similar
warning
when installing the other module´s policy.

Is it necessary for the modules to "know" each other?

This Problem does not occur if we add routing entries so that the two
modules
can contact each other over their internal interfaces. It seems not to be
sufficient for the modules to see each other over the external default
gateways.

Thanks in advance!

Max


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.