Re: [FW-1] WG: [FW-1] How to convert Single Gateway to Distributed config?
/etc/fw/conf/product.conf

-----Original Message-----
From: Steck, Steffen M. [mailto:[email protected]]
Sent: Tue, October 23, 2001 9:17 AM
To: [email protected]
Subject: [FW-1] WG: [FW-1] How to convert Single Gateway to Distributed config?

Nico,

I did this recently and ran into the same problems. My machine lost its licenses during this. Maybe have a look there.

Steffen

-----Original Message-----
From: Nico De Ranter [mailto:[email protected]]
Sent: Monday, October 22, 2001 13:29
To: [email protected]
Subject: [FW-1] How to convert Single Gateway to Distributed config?

Hi,

I have a firewall running as "single gateway" on Solaris (sparc). I will need to manage a second firewall so I prefer to split the management module to a separate machine. According to the VPN-1/FW-1 administration Guide (p.71) this should be possible by either reinstalling the firewall as "distributed setup" or "alternatively, you can reconfigure by manually modifying $FWDIR/conf/master...".

Since reinstalling the firewall will mean too much downtime, I tried the second solution. After doing an "fw putkey" on both machines and restarting the management module I get the following output when trying to restart the firewall:

------------------
FireWall-1: Starting fwd
FireWall-1: Starting fwm (Remote Management Server)
FireWall-1: Fetching Security Policy from 192.168.1.1 10.1.1.1 localhost
Trying to fetch Security Policy from 192.168.1.1:
FW: Received new control security key from 192.168.1.1
Authentication for command fetch failed
Fetching Security Policy from 192.168.1.1 failed
Trying to fetch Security Policy from 10.1.1.1:
Installing Security Policy policy on all.all@charon
Fetching Security Policy from 10.1.1.1 succeeded
FireWall-1: Starting cpmad (Malicious Activity Detection)
FireWall-1 started
-----------------

Apparently the firewall can reach the management server but I always get "Authentication for command fetch failed".
(Note: I checked lib/control.map on both machines, both contain the same encryption schemes, both servers run the same version of the firewall with the same encryption options)

Any suggestions? Anybody done this before?

Thanks in advance,

Nico

---------------------------------------------------------
"It has been said that there are only two businesses that refer to customers as users: illegal drug trade and the computer industry."
---------------------------------------------------------
Nico De Ranter
Sony Service Center (SDCE/VPE-B)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41
Telefax: +32 2 726 26 86
e-mail: [email protected]

===============================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
===============================================