
Re: [FW-1] Policy problem



Eric,

  Sorry but I don't get you on this one, you seem to tell me that you
 have 3 Firewalls, 2 of them are in HA and one is a standalone one. When
 you try to load a security policy to one of them it fails because of a
 problem with the authentication, right? How did you do the putkeys on
 all the modules? And on the Management Server? I have done the very same
 setup for one of our customers and it works like a charm, we even have a
 remote Firewall with a cold standby one that works fine too.

Met vriendelijke groeten - Bien à vous - Kind regards

Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSA & CCSE
Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options  3 - 3 - 1)
Fax: +32(02)729.77.65

=====================================================================
This message may contain confidential and/or proprietary information,
and is intended only for the person/entity to whom it was originally
addressed. The content of this message may contain private views and
opinions which do not constitute a formal disclosure or commitment
unless specifically stated. Should you receive this message by mistake
please inform the sender immediately.
=====================================================================



-----Original Message-----
From: Eric Appelboom [mailto:[email protected]]
Sent: Tuesday, November 13, 2001 2:33 PM
To: [email protected]
Subject: Re: [FW-1] Policy problem


Hi Guy, managed to find the fault, I used fw putkey -n to specify the
interface.

I still have a related problem with putkeys.
I have 2 fw nodes in failover and a single node protecting another
network.
They both share the same management server as the master.
I have to redo the putkeys to one of them when I want to install a
policy.
If I redo to other fw nodes the other breaks with unauthorised action.
So whenever I want to make a change I have to first redo putkeys on the
node I want.
Fortunately I use the one more than the other so I don't have to do it
too often but it is still a problem.

Any ideas
Thanx
Eric

-----Original Message-----
From: Roelandts, Guy [mailto:[email protected]]
Sent: 13 November 2001 11:41
To: [email protected]
Subject: Re: [FW-1] Policy problem


Eric,

  When you fetch the security policy from the Management Server, take  a
look afterwards in the $FWDIR/state directory and see if the files that
are located in there got changed, updated. These are the ones, as far as
I  know, that will contain your new security policy.

Met vriendelijke groeten - Bien à vous - Kind regards

Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSA & CCSE
Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options  3 - 3 - 1)
Fax: +32(02)729.77.65




-----Original Message-----
From: Eric Appelboom [mailto:[email protected]]
Sent: Tuesday, November 13, 2001 7:57 AM
To: [email protected]
Subject: [FW-1] Policy problem


Hi All
I have a CP4.1 problem relating to the installation of a policy. I redid
putkeys between management and fwm and both acknowledge new key after
fwstop\fwstart I use a fw fetch to management and a policy is copied
with a recent timestamp.

However the rulebase changes are not applied. The old rulebase remains
active. I have checked object.C rules.C on the fwm but the rules are old
but the timestamp is new. I have also done a fw unload on fwm issuing a
fw fetch which retrieves fine. I understand that the policy gets
compiled when clicking install in policy editor which it does. It copies
the policyname.W to policyname.pf but why doesn't the fw fetch get the
correct one? I run fw fetch x.x.x.x (management) and it does get
any.all@policyname.

I don't think it is authentication problem because fw fetch works fine. We
use a fw fetch because the policy editor GUI's authentication problem
between the nodes. Not sure if this is the cause here? (putkeys I know
but it doesn't fix this)

Help?
Thanx


Eric Appelboom
Office: (+27)
Mobile: (+27)

*** Disclaimer: The information in this email is confidential and is
intended solely for the addressee(s). Access to this email by anyone
else is unauthorised. If you are not an intended recipient, you must not
read, forward, print, use or disseminate the information contained in
the email. Any representations (contractual or otherwise), views or
opinions presented are solely those of the author and do not necessarily
represent those of the employer or any of its affiliates.

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================