Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Security Policy Download Error

To: "'Yim Lee'" <[email protected]>, Chris Arnold <[email protected]>, Thuan Pham <[email protected]>, [email protected]
Subject: RE: [FW1] Security Policy Download Error
From: Thuan Pham <[email protected]>
Date: Fri, 27 Apr 2001 11:28:38 -0700
Sender: [email protected]

Title: RE: [FW1] Security Policy Download Error

Hello All:

Thank you for your all replies. Actually, I am able to resolve the problem last week. It turns out that I mistakenly NATed the network that connects to the secondary firewall with a public address. Firewall-1 does not like it since we are doing internal routing between the Management Console and the two FW-1 modules. The moment I took it out, everything works fine.

Once again, thank you for all of your responses.

Thuan Pham

-----Original Message-----
From: Yim Lee [mailto:[email protected]]
Sent: Monday, April 16, 2001 8:54 AM
To: Chris Arnold; 'Thuan Pham';
[email protected]
Subject: RE: [FW1] Security Policy Download Error

Add this
:fwd_conn_tout (90)

to $FWDIR/lib/setup.C

HTH

Yim
--- Chris Arnold <[email protected]> wrote:
> I get this fairly often but the policy is in fact
> properly installed. On
> the FW platform, try "$FWDIR/bin/fw stat" to compare
> time/date of the
> current installed policy with the last time you
> tried to push policy from
> the GUI.
>
> Alternatively, it really isn't being installed. On
> the FW platform, try
> "$FWDIR/bin/fwstop; $FWDIR/bin/fwstart" and watch
> the messages. Is the
> policy correctly fetched from the master(s)
> (management console)? If so,
> you could have a putkey issue so try reissuing the
> putkey for the management
> console on the FW module.
>
> Chris
>
> -----Original Message-----
> From: Thuan Pham [mailto:[email protected]]
> Sent: Wednesday, April 11, 2001 8:59 PM
> To: [email protected]
> Subject: [FW1] Security Policy Download Error
>
>
>
>         Hello All:
>
>         I have a question on Downloading the
> Security Policy to CP
> Firewall-1 modules:
>
>         When I am downloading the Security Policy
> from Management Module to
> one of the Firewall-1
>         Modules (enforcement points), I get the
> following error messages:
>
>         Standard.W: Security Policy Script generated
> into Standard.pf
>         Standard:
>         Compiled OK.
>
>         Downloading...
>
>         Downloading Security Policy
> /opt/CPfw1-41/conf/Standard.pf to hades
>         Failed to Download Security Policy on hades:
> Resources temporarily
> unavailable
>         Installing Security Policy on hades failed
>
>         As a note, I have set up authentication
> between the Management
> Modules and the Firewall-1 Modules and also
>         configured the Firewall-1 module to know
> where to look for to
> download the Security Policy (e.g. who is the
> master).
>
>         I would appreciate any insights/suggestions
> on how to solve this
> problem.
>
>         Thanks,
>
>         Thuan Pham
>
>
>

__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] Netscape CMS4.2 ...and CRL
Next by Date: RE: [FW1] Netscape CMS4.2 ...and CRL
Previous by thread: Re: [FW1] Single management console , VPN between two firewall modules
Next by thread: RE: [FW1] Netscape CMS4.2 ...and CRL
Index(es):
- Date
- Thread