Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Unable to connect to FW-1 (Nokia 330) via the Manageme nt Console (W2K)

To: [email protected]
Subject: Re: [FW-1] Unable to connect to FW-1 (Nokia 330) via the Manageme nt Console (W2K)
From: Chris Arnold <[email protected]>
Date: Sat, 12 Jan 2002 22:21:38 -0500
Comments: To: Bob Polk <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Are you calling your management console the host that happens to have the
GUI installed or do you actually have an EMC license installed on it?  If
the Windows box is truly an EMC then it looks like the Nokia isn't
configured for a distributed environment.  Check $FWDIR/conf/product.conf
and make sure _at least_ these options are listed:

StandAlone=0
Management=0

Other options may exist but they will need to be determined from your
licenses, etc.

Then check $FWDIR/conf/masters and make sure the IP address of your Win2k
EMC is listed.  Make sure your putkeys are correct.  Might as well redo them
to make sure.

Start the Nokia FW using fwstart once this everything looks right.  You'll
probably see the same errors.  After it starts and says "FireWall-1 started"
make sure fwd is running with "ps aux | grep fwd".  If it is, try "fw unload
localhost" on the Nokia and then try pushing policy from the GUI connected
to the EMC.

Chris

-----Original Message-----
From: Bob Polk
To: [email protected]
Sent: 1/12/02 7:46 PM
Subject: [FW-1] Unable to connect to FW-1 (Nokia 330) via the Management
Console (W2K)

Hello,

I have a Nokia 330 with FW-1 4.1 SP-1 installed.  When I attempt to
connect
to the Nokia box from the Management Console (Win2K Box), it completes
the 3
way handshake, the NT box pushes a packet and then the Nokia box sends a
Fin
packet and tears down the connection.  After this, Port 258 is no longer
listening on the Nokia box.  If I do a FWM, the port listens again, but
as
soon as I attempt to connect via the Management console the same thing
happens.  I verified that the IP that I'm using for the W2K box is in
the
GUI Clients on the Nokia box.


Additional information:

When I boot the Nokia box, I receive the following:
LOG_ERR] root: fwstart failed, check /var/log/fw.log

cat fw.log
Sat Jan  5 13:15:37 GMT 2002
FW-1: Default filter installed successfully
DEV       0  33 f2dba000 023e f2e1731c   1 fw1_mod
FireWall-1: Module already installed
FireWall-1: starting VPN-1 Accelerator Card
FW-1: The LunaVPN driver is not responding
VPN-1 Accelerator Card is not enabled
FireWall-1: failed to start VPN-1 Accelerator Card
FireWall-1: Starting fwd
FireWall-1:  Starting fwm (Remote Management Server)

FireWall-1: Fetching Security Policy from localhost
Trying to fetch Security Policy from localhost:
Failed to Load Security Policy: No State Saved
Fetching Security Policy from localhost failed

FireWall-1: Starting cpmad (Malicious Activity Detection)
FireWall-1 started

Additional Information:

uname -a
IPSO wrtnok1 3.2.1-fcs1 releng 849  11.24.1999-102644 i386
wrtnok1[admin]# fw ver -k
This is Check Point VPN-1(TM) & FireWall-1(R) Version 4.1 SP-1 Build
41492
IPSO]
kernel: Version 4.1 SP-1 Build 41492 IPSO-build-11 SDK-849 [VPN + DES +
STRONG]
wrtnok1[admin]# fw stat
HOST      POLICY     DATE
localhost defaultfilter  1Mar2000 23:38:19 :  [>eth-s5p1c0]
wrtnok1[admin]# netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address
(state)
tcp        0      0  *.258                  *.*
LISTEN
tcp        0      0  *.18185                *.*
LISTEN
tcp        0      0  *.26338                *.*
LISTEN
udp        0      0  *.161                  *.*
udp        0      0  *.514                  *.*



Any help would be greatly appreciated.

Thanks,

Bob
[email protected]


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] IPSO 3.4.1. on Nokia 650s with CP 4.1 SP5/
Next by Date: [FW-1] FTP problem
Previous by thread: Re: [FW-1] Unable to connect to FW-1 (Nokia 330) via the Management Console (W2K)
Next by thread: [FW-1] Documentation tools
Index(es):
- Date
- Thread