
Re: [FW-1] WG: [FW-1] How to convert Single Gateway to Distributed config?



/etc/fw/conf/product.conf


-----Original Message-----
From: Steck, Steffen M. [mailto:[email protected]]
Sent: Tue, October 23, 2001 9:17 AM
To: [email protected]
Subject: [FW-1] WG: [FW-1] How to convert Single Gateway to Distributed
config?


Nico,
I did this recently and ran into the same problems. My machine lost its
licenses during this. Maybe have a look there.
Steffen

-----Original Message-----
From: Nico De Ranter [mailto:[email protected]]
Sent: Monday, 22 October 2001 13:29
To: [email protected]
Subject: [FW-1] How to convert Single Gateway to Distributed config?


Hi,

I have a firewall running as "single gateway" on Solaris (sparc).
I will need to manage a second firewall so I prefer to split the
management module to a separate machine. According to the VPN-1/FW-1
administration Guide (p.71) this should be possible by either
reinstalling the firewall as "distributed setup" or "alternatively, you
can reconfigure by manually modifying $FWDIR/conf/master...".
Since reinstalling the firewall will mean too much downtime, I tried
the second solution. After doing an "fw putkey" on both machines
and restarting the management module I get the following output when
trying to restart the firewall:

------------------
FireWall-1: Starting fwd
FireWall-1:  Starting fwm (Remote Management Server)

FireWall-1: Fetching Security Policy from 192.168.1.1 10.1.1.1 localhost
Trying to fetch Security Policy from 192.168.1.1:
FW: Received new control security key from 192.168.1.1
Authentication for command fetch failed
Fetching Security Policy from 192.168.1.1 failed
Trying to fetch Security Policy from 10.1.1.1:

Installing Security Policy policy on all.all@charon
Fetching Security Policy from 10.1.1.1 succeeded

FireWall-1: Starting cpmad (Malicious Activity Detection)
FireWall-1 started
-----------------

Apparently the firewall can reach the management server but I
always get "Authentication for command fetch failed". (Note: I checked
lib/control.map on both machines, both contain the same encryption schemes,
both servers run the same version of the firewall with the same encryption
options)

Any suggestions? Anybody done this before?

Thanks in advance,

Nico

---------------------------------------------------------
 "It has been said that there are only two businesses that
  refer to customers as users: illegal drug trade and
               the computer industry."
---------------------------------------------------------
Nico De Ranter
Sony Service Center (SDCE/VPE-B)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
e-mail: [email protected]

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================




 
   All contents © 2004 Network Presence, LLC. All rights reserved.