[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] Security Policy Download Error
Title: RE: [FW1] Security Policy Download Error
Hello All:
Thank you for your all replies. Actually, I am able to resolve the problem last week. It turns out that I mistakenly NATed the network that connects to the secondary firewall with a public address. Firewall-1 does not like it since we are doing internal routing between the Management Console and the two FW-1 modules. The moment I took it out, everything works fine.
Once again, thank you for all of your responses.
Thuan Pham
-----Original Message-----
From: Yim Lee [mailto:[email protected]]
Sent: Monday, April 16, 2001 8:54 AM
To: Chris Arnold; 'Thuan Pham';
[email protected]
Subject: RE: [FW1] Security Policy Download Error
Add this
:fwd_conn_tout (90)
to $FWDIR/lib/setup.C
HTH
Yim
--- Chris Arnold <[email protected]> wrote:
> I get this fairly often but the policy is in fact
> properly installed. On
> the FW platform, try "$FWDIR/bin/fw stat" to compare
> time/date of the
> current installed policy with the last time you
> tried to push policy from
> the GUI.
>
> Alternatively, it really isn't being installed. On
> the FW platform, try
> "$FWDIR/bin/fwstop; $FWDIR/bin/fwstart" and watch
> the messages. Is the
> policy correctly fetched from the master(s)
> (management console)? If so,
> you could have a putkey issue so try reissuing the
> putkey for the management
> console on the FW module.
>
> Chris
>
> -----Original Message-----
> From: Thuan Pham [mailto:[email protected]]
> Sent: Wednesday, April 11, 2001 8:59 PM
> To: [email protected]
> Subject: [FW1] Security Policy Download Error
>
>
>
> Hello All:
>
> I have a question on Downloading the
> Security Policy to CP
> Firewall-1 modules:
>
> When I am downloading the Security Policy
> from Management Module to
> one of the Firewall-1
> Modules (enforcement points), I get the
> following error messages:
>
> Standard.W: Security Policy Script generated
> into Standard.pf
> Standard:
> Compiled OK.
>
> Downloading...
>
> Downloading Security Policy
> /opt/CPfw1-41/conf/Standard.pf to hades
> Failed to Download Security Policy on hades:
> Resources temporarily
> unavailable
> Installing Security Policy on hades failed
>
> As a note, I have set up authentication
> between the Management
> Modules and the Firewall-1 Modules and also
> configured the Firewall-1 module to know
> where to look for to
> download the Security Policy (e.g. who is the
> master).
>
> I would appreciate any insights/suggestions
> on how to solve this
> problem.
>
> Thanks,
>
> Thuan Pham
>
>
>
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================