NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] FW: gui problem



also....

if I turn fw debug fwm on, the output  is


[root@ /root]# tail /etc/fw/log/fwm.elg
[FWM 1012]@ ckpSSL_NegotiateStep: should retry.
[FWM 1012]@xxx ckpSSL_NegotiateStep: current state = SSLv3 read client
certificate A
[FWM 1012]@xxx ckpSSL_NegotiateStep: Current step failed. Error is:
336151570
[FWM 1012]@xxx SSL e stack
[FWM 1012]@xxx 1012:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert
bad certificate:s3_pkt.c:790

[FWM 1012]@xxx ckpSSL_fwasync_connected: no connections err -3
[FWM 1012]@xxx ckpSSL_fwasync_close: start shutdown
[FWM 1012]@xxx ckpSSL_ShutdownHandler: (2) SSLv3 read client certificate A
[FWM 1012]@xxx ckpSSL_Destroy: close fd 29
[root@xxx /root]# tail -f /etc/fw/log/fwm.elg
[FWM 1012]@xxx ckpSSL_NegotiateStep: should retry.
[FWM 1012]@xxx ckpSSL_NegotiateStep: current state = SSLv3 read client
certificate A
[FWM 1012]@xxx ckpSSL_NegotiateStep: Current step failed. Error is:
336151570
[FWM 1012]@xxx SSL e stack
[FWM 1012]@xxx 1012:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert
bad certificate:s3_pkt.c:790

[FWM 1012]@xxx ckpSSL_fwasync_connected: no connections err -3
[FWM 1012]@xxx ckpSSL_fwasync_close: start shutdown
[FWM 1012]@xxx ckpSSL_ShutdownHandler: (2) SSLv3 read client certificate A
[FWM 1012]@xxx ckpSSL_Destroy: close fd 29
[FWM 1012]@xxx fwasync_conn_params: <a0a051e,18190> -> <a0a04a0,1300>
[FWM 1012]@xxx fwasync_connbuf_realloc: reallocating 0 from 0 to 1028
[FWM 1012]@xxx sic_server_set_version: 29 protocol version is 51000000
[FWM 1012]@xxx fwasync_connbuf_realloc: reallocating 0 from 0 to 1028
[FWM 1012]@xxx sic_server_get_sic_type: 29 security type is cpmi.
[FWM 1012]@xxx policy_query: src : cn=cp_mgmt,o=xxx..a3ffvz dst :
CN=Gui_Client
[FWM 1012]@xxx gui_connection_sic_plugin: gui client sic name on connection
29.
[FWM 1012]@xxx call_handlers_list: conversion success.
[FWM 1012]@xxx PM_session_init: given session
I(cn=cp_mgmt,o=xxx..a3ffvz;CN=Gui_Client,IP=10.10.4.160;18190;cpmi).
[FWM 1012]@xxx PM_policy_query: input session
I(cn=cp_mgmt,o=xxx..a3ffvz;CN=Gui_Client,IP=10.10.4.160;18190;cpmi).
[FWM 1012]@xxx sicobj_resolve_by_opsec: No object found with SIC name
'CN=Gui_Client,IP=10.10.4.160'
[FWM 1012]@xxx Address found in clients file
[FWM 1012]@xxx fwm_resolve_gui_clients: accept client
CN=Gui_Client,IP=10.10.4.160
[FWM 1012]@xxx PM_policy_query: rule found
(ANY;GUI_CLIENTS;ANY;cpmi;asym_sslca(1/2)).
[FWM 1012]@xxx PM_policy_query: finished successfully. 1st method =
asym_sslca
[FWM 1012]@xxx ckpSSL_PrepareConnection: verify mode: 0
[FWM 1012]@xxx My SSL Ciphers:
[FWM 1012]@xxx Cipher List:
[FWM 1012]@xxx 0: DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA
Enc=3DES(168) Mac=SHA1

[FWM 1012]@xxx 1: RC4-SHA                 SSLv3 Kx=RSA      Au=RSA
Enc=RC4(128)  Mac=SHA1

[FWM 1012]@xxx 2: RC4-MD5                 SSLv3 Kx=RSA      Au=RSA
Enc=RC4(128)  Mac=MD5

[FWM 1012]@xxx ckpSSL_NegotiateStep: current state = before/accept
initialization
[FWM 1012]@xxx SSL e stack
[FWM 1012]@xxx ckpSSL_NegotiateStep: should retry.
[FWM 1012]@xxx ckpSSL_NegotiateStep: current state = SSLv3 read client hello
B
[FWM 1012]@xxx SSL e stack
[FWM 1012]@xxx ckpSSL_NegotiateStep: should retry.
[FWM 1012]@xxx ckpSSL_NegotiateStep: current state = SSLv3 read client
certificate A
[FWM 1012]@xxx ckpSSL_NegotiateStep: Current step failed. Error is:
336151570
[FWM 1012]@xxx SSL e stack
[FWM 1012]@xxx 1012:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert
bad certificate:s3_pkt.c:790

[FWM 1012]@xxx ckpSSL_fwasync_connected: no connections err -3
[FWM 1012]@xxx ckpSSL_fwasync_close: start shutdown
[FWM 1012]@xxx ckpSSL_ShutdownHandler: (2) SSLv3 read client certificate A
[FWM 1012]@xxx ckpSSL_Destroy: close fd 29
[FWM 1012]@xxx fwasync_conn_params: <a0a051e,18190> -> <a0a04a0,1305>
[FWM 1012]@xxx fwasync_connbuf_realloc: reallocating 0 from 0 to 1028
[FWM 1012]@xxx sic_server_set_version: 29 protocol version is 51000000
[FWM 1012]@xxx fwasync_connbuf_realloc: reallocating 0 from 0 to 1028
[FWM 1012]@xxx sic_server_get_sic_type: 29 security type is cpmi.
[FWM 1012]@xxx policy_query: src : cn=cp_mgmt,o=xxx..a3ffvz dst :
CN=Gui_Client
[FWM 1012]@xxx gui_connection_sic_plugin: gui client sic name on connection
29.
[FWM 1012]@xxx call_handlers_list: conversion success.
[FWM 1012]@xxx PM_session_init: given session
I(cn=cp_mgmt,o=xxx..a3ffvz;CN=Gui_Client,IP=10.10.4.160;18190;cpmi).
[FWM 1012]@xxx PM_policy_query: input session
I(cn=cp_mgmt,o=xxx..a3ffvz;CN=Gui_Client,IP=10.10.4.160;18190;cpmi).
[FWM 1012]@xxx sicobj_resolve_by_opsec: No object found with SIC name
'CN=Gui_Client,IP=10.10.4.160'
[FWM 1012]@xxx Address found in clients file
[FWM 1012]@xxx fwm_resolve_gui_clients: accept client
CN=Gui_Client,IP=10.10.4.160
[FWM 1012]@xxx PM_policy_query: rule found
(ANY;GUI_CLIENTS;ANY;cpmi;asym_sslca(1/2)).
[FWM 1012]@xxx PM_policy_query: finished successfully. 1st method =
asym_sslca
[FWM 1012]@xxx ckpSSL_PrepareConnection: verify mode: 0
[FWM 1012]@xxx My SSL Ciphers:
[FWM 1012]@xxx Cipher List:
[FWM 1012]@xxx 0: DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA
Enc=3DES(168) Mac=SHA1

[FWM 1012]@xxx 1: RC4-SHA                 SSLv3 Kx=RSA      Au=RSA
Enc=RC4(128)  Mac=SHA1

[FWM 1012]@xxx 2: RC4-MD5                 SSLv3 Kx=RSA      Au=RSA
Enc=RC4(128)  Mac=MD5

[FWM 1012]@xxx ckpSSL_NegotiateStep: current state = before/accept
initialization
[FWM 1012]@xxx SSL e stack
[FWM 1012]@xxx ckpSSL_NegotiateStep: should retry.
[FWM 1012]@xxx ckpSSL_NegotiateStep: current state = SSLv3 read client hello
B
[FWM 1012]@xxx SSL e stack
[FWM 1012]@xxx ckpSSL_NegotiateStep: should retry.
[FWM 1012]@xxx ckpSSL_NegotiateStep: current state = SSLv3 read client
certificate A
[FWM 1012]@xxx ckpSSL_NegotiateStep: Current step failed. Error is:
336151570
[FWM 1012]@xxx SSL e stack
[FWM 1012]@xxx 1012:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert
bad certificate:s3_pkt.c:790

[FWM 1012]@xxx ckpSSL_fwasync_connected: no connections err -3
[FWM 1012]@xxx ckpSSL_fwasync_close: start shutdown
[FWM 1012]@xxx ckpSSL_ShutdownHandler: (2) SSLv3 read client certificate A
[FWM 101
>  -----Original Message-----
> From:         Idan Dolev
> Sent: Mon, March 11, 2002 9:45 AM
> To:   Checkpoint Mailing List (E-mail)
> Subject:      gui problem
>
> Also,
>
> in cpca.elg I get the error :
> main: fw_establish of mgmt port failed
> and in fwd.elg I get the error :
> fwauthd: cannot run server in.aufpd: Authentication Services are
> unavailable. Connection refused.
>
>  fwauthd: cannot run server vpnd: Authentication Services are unavailable.
> Connection refused.
>
>  fwauthd: cannot run server mdq: Authentication Services are unavailable.
> Connection refused.
>
>  fwauthd: cannot run server xrmd: Authentication Services are unavailable.
> Connection refused.
>
>  fwd_log_handler: 53: Log version 20000000 supported, accept connection
>  -----Original Message-----
> From:         Idan Dolev
> Sent: Mon, March 11, 2002 9:39 AM
> To:   Checkpoint Mailing List (E-mail)
> Subject:      gui problem
>
> HI,
>
> I have installed NG on 7.1 kernel 2.4.9-3, the installation is out of the
> box, I have a license and it seems to be running as it should be, fwd and
> fwm are running, but from some reason I can not seem to connect with the
> gui, I have defined a user and its ip in the gui-clients, but I get the
> message:
> authentication to server failed
> I am using the right user with the right password.
> The 18190 port is  up and running.
>
>
> Best regards,
>
> Idan Dolev
>
>
>
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.