[FW-1] SecuRemote problems after generating new Certificate for Hybrid mode

[Michael Knobloch <Michael.Knobloch@FW1-NOSPAMCAIROCONSULT.DE>]

Hi together

We have a Nokia IP440 with IPSO 3.4.1 running FW 4.1 SP5 with a separate
Managementsever running on a W2K machine (also SP5)

For setting up this device I used the rule and objects of the prior SUN
FW4.1 SP4.
After this replacement we still used the old certificate for SecuRemote
Hybridmode, what was still defined in the Firewalled ateway machine.
Everything was fine that way.

Now I had to genereate a new certificate, because a second Firewall
should be managed via this way and I want to clean up the installation.

So I deletet the certificat and the internalCA also I disabled FWZ
encryption (wasn´t used anymore)
I created the CA on the Management module and certified my Nokia
gateway.

I first thought everything is fine a could work after a site update as
before.
But then the phone starts ringing and it looks like the most clients
running lower then Build 4199 (except 4185 on W2K) have problems.
They can authenticate but access to the internal network is only
temporarliy or not possible at all.
(Negotation with Firewall  failed - after some minutes)

Again enabling FWZ and updating the clients also does not help.

Only installing Build 4199 looks like the solution, but I can not roll
out then in one day to everyone, so I need a quick solution)

Can anybody tell me what I did wrong?? Or has even a suggestion about
that.

Every comment is welcome.

Thx Michael


Michael Knobloch
Certified Information Systems Engineer
CAIRO AG, Germany

E-mail: <Michael.Knobloch@cairoconsult.de >
Phone:+49 (621) 86751-0
Fax:    +49 (621) 86751-10

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================