Re: [FW-1] Illegal command in control.map

To: [email protected]

Subject: Re: [FW-1] Illegal command in control.map

From: Tim Holman <[email protected]>

Date: Sat, 10 Nov 2001 12:59:18 -0000

Importance: Normal

In-Reply-To: <[email protected]>

Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>

Sender: Mailing list for discussion of Firewall-1 <[email protected]>

It seems you've retained the older control.map.

Building FW 4.1 (SP3) from scratch, you get this one:

MASTERS: getkey,gettopo,gettopossl,certreq/none   fwn1_opsec/fwn1 ssl_opsec/ssl ssl_clear_opsec/sslclear    */fwa1
CLIENT : load,db_download,fetch,log/fwa1    fwn1_opsec/fwn1 ssl_opsec/ssl ssl_clear_opsec/sslclear     */none
*      : getkey,gettopo,gettopossl,certreq/none unload,load,db_download,logswitch/deny    fwn1_opsec/fwn1 ssl_opsec/ssl ssl_clear_opsec/sslclear */fwa1

FW 4.1 doesn't understand the commands opsec and ioctl when it parses control.map.

I think you've got them mixed up !

Tim

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Paiement, Marc
Sent: 31 October 2001 19:13
To: [email protected]
Subject: [FW-1] Illegal command in control.map

Hi all,

Recently, I upgraded my firewall running on Nokia IP330 from 4.0 SP3 to 4.1 SP5. The upgrade have been done without any troubles but.... everytime I do a fetch, I get these errors and then the rule is installed successfully.

Authentication error: Illegal command <opsec> in control.map
Authentication error: Illegal command <opsec> in control.map
Authentication error: Illegal command <ioctl> in control.map
Authentication error: Illegal command <opsec> in control.map

If I edit the control.map I can see a different configuration as others control.map of older release. In the older release I can see "fwn1_opsec" rather than "opsec" only. See below the control.map of my release 4.1 SP5:

MASTERS: getkey,gettopo,gettopossl,certreq/none   opsec/fwn1      */fwa1
CLIENT : load,db_download,fetch,log/fwa1   opsec/fwn1       */none
*      : getkey,gettopo,gettopossl,certreq/none unload,ioctl,load,db_download,lo
gswitch/deny   opsec/fwn1 */fwa1

"ioctl" is not part of older release of control.map

Someone have an idea?

Marc

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
Dimension Data mail system for the presence of computer viruses.

www.uk.didata.com
**********************************************************************