[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] Illegal command in control.map
It
seems you've retained the older control.map.
Building FW 4.1 (SP3) from scratch, you get this one:
MASTERS: getkey,gettopo,gettopossl,certreq/none
fwn1_opsec/fwn1 ssl_opsec/ssl ssl_clear_opsec/sslclear
*/fwa1
CLIENT : load,db_download,fetch,log/fwa1
fwn1_opsec/fwn1 ssl_opsec/ssl
ssl_clear_opsec/sslclear
*/none
* :
getkey,gettopo,gettopossl,certreq/none
unload,load,db_download,logswitch/deny fwn1_opsec/fwn1
ssl_opsec/ssl ssl_clear_opsec/sslclear */fwa1
FW 4.1
doesn't understand the commands opsec and ioctl when it parses
control.map.
I
think you've got them mixed up !
Tim
Hi
all,
Recently, I upgraded
my firewall running on Nokia IP330 from 4.0 SP3 to 4.1 SP5. The upgrade have
been done without any troubles but.... everytime I do a fetch, I get these errors and then the rule is installed successfully.
Authentication error: Illegal command
<opsec> in control.map
Authentication error: Illegal command
<opsec> in control.map
Authentication error: Illegal command
<ioctl> in control.map
Authentication error: Illegal command
<opsec> in control.map
If I edit the
control.map I can see a different configuration as others control.map of
older release. In the older release I can see "fwn1_opsec" rather than "opsec"
only. See below the control.map of my release 4.1 SP5:
MASTERS:
getkey,gettopo,gettopossl,certreq/none
opsec/fwn1 */fwa1
CLIENT :
load,db_download,fetch,log/fwa1
opsec/fwn1
*/none
* :
getkey,gettopo,gettopossl,certreq/none
unload,ioctl,load,db_download,lo
gswitch/deny opsec/fwn1 */fwa1
"ioctl" is not
part of older release of control.map
Someone have an
idea?
Marc
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
Dimension Data mail system for the presence of computer viruses.
www.uk.didata.com
**********************************************************************