[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] FW: gui problem
also.... if I turn fw debug fwm on, the output is [root@ /root]# tail /etc/fw/log/fwm.elg [FWM 1012]@ ckpSSL_NegotiateStep: should retry. [FWM 1012]@xxx ckpSSL_NegotiateStep: current state = SSLv3 read client certificate A [FWM 1012]@xxx ckpSSL_NegotiateStep: Current step failed. Error is: 336151570 [FWM 1012]@xxx SSL e stack [FWM 1012]@xxx 1012:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:790 [FWM 1012]@xxx ckpSSL_fwasync_connected: no connections err -3 [FWM 1012]@xxx ckpSSL_fwasync_close: start shutdown [FWM 1012]@xxx ckpSSL_ShutdownHandler: (2) SSLv3 read client certificate A [FWM 1012]@xxx ckpSSL_Destroy: close fd 29 [root@xxx /root]# tail -f /etc/fw/log/fwm.elg [FWM 1012]@xxx ckpSSL_NegotiateStep: should retry. [FWM 1012]@xxx ckpSSL_NegotiateStep: current state = SSLv3 read client certificate A [FWM 1012]@xxx ckpSSL_NegotiateStep: Current step failed. Error is: 336151570 [FWM 1012]@xxx SSL e stack [FWM 1012]@xxx 1012:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:790 [FWM 1012]@xxx ckpSSL_fwasync_connected: no connections err -3 [FWM 1012]@xxx ckpSSL_fwasync_close: start shutdown [FWM 1012]@xxx ckpSSL_ShutdownHandler: (2) SSLv3 read client certificate A [FWM 1012]@xxx ckpSSL_Destroy: close fd 29 [FWM 1012]@xxx fwasync_conn_params: <a0a051e,18190> -> <a0a04a0,1300> [FWM 1012]@xxx fwasync_connbuf_realloc: reallocating 0 from 0 to 1028 [FWM 1012]@xxx sic_server_set_version: 29 protocol version is 51000000 [FWM 1012]@xxx fwasync_connbuf_realloc: reallocating 0 from 0 to 1028 [FWM 1012]@xxx sic_server_get_sic_type: 29 security type is cpmi. [FWM 1012]@xxx policy_query: src : cn=cp_mgmt,o=xxx..a3ffvz dst : CN=Gui_Client [FWM 1012]@xxx gui_connection_sic_plugin: gui client sic name on connection 29. [FWM 1012]@xxx call_handlers_list: conversion success. [FWM 1012]@xxx PM_session_init: given session I(cn=cp_mgmt,o=xxx..a3ffvz;CN=Gui_Client,IP=10.10.4.160;18190;cpmi). [FWM 1012]@xxx PM_policy_query: input session I(cn=cp_mgmt,o=xxx..a3ffvz;CN=Gui_Client,IP=10.10.4.160;18190;cpmi). [FWM 1012]@xxx sicobj_resolve_by_opsec: No object found with SIC name 'CN=Gui_Client,IP=10.10.4.160' [FWM 1012]@xxx Address found in clients file [FWM 1012]@xxx fwm_resolve_gui_clients: accept client CN=Gui_Client,IP=10.10.4.160 [FWM 1012]@xxx PM_policy_query: rule found (ANY;GUI_CLIENTS;ANY;cpmi;asym_sslca(1/2)). [FWM 1012]@xxx PM_policy_query: finished successfully. 1st method = asym_sslca [FWM 1012]@xxx ckpSSL_PrepareConnection: verify mode: 0 [FWM 1012]@xxx My SSL Ciphers: [FWM 1012]@xxx Cipher List: [FWM 1012]@xxx 0: DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 [FWM 1012]@xxx 1: RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 [FWM 1012]@xxx 2: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 [FWM 1012]@xxx ckpSSL_NegotiateStep: current state = before/accept initialization [FWM 1012]@xxx SSL e stack [FWM 1012]@xxx ckpSSL_NegotiateStep: should retry. [FWM 1012]@xxx ckpSSL_NegotiateStep: current state = SSLv3 read client hello B [FWM 1012]@xxx SSL e stack [FWM 1012]@xxx ckpSSL_NegotiateStep: should retry. [FWM 1012]@xxx ckpSSL_NegotiateStep: current state = SSLv3 read client certificate A [FWM 1012]@xxx ckpSSL_NegotiateStep: Current step failed. Error is: 336151570 [FWM 1012]@xxx SSL e stack [FWM 1012]@xxx 1012:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:790 [FWM 1012]@xxx ckpSSL_fwasync_connected: no connections err -3 [FWM 1012]@xxx ckpSSL_fwasync_close: start shutdown [FWM 1012]@xxx ckpSSL_ShutdownHandler: (2) SSLv3 read client certificate A [FWM 1012]@xxx ckpSSL_Destroy: close fd 29 [FWM 1012]@xxx fwasync_conn_params: <a0a051e,18190> -> <a0a04a0,1305> [FWM 1012]@xxx fwasync_connbuf_realloc: reallocating 0 from 0 to 1028 [FWM 1012]@xxx sic_server_set_version: 29 protocol version is 51000000 [FWM 1012]@xxx fwasync_connbuf_realloc: reallocating 0 from 0 to 1028 [FWM 1012]@xxx sic_server_get_sic_type: 29 security type is cpmi. [FWM 1012]@xxx policy_query: src : cn=cp_mgmt,o=xxx..a3ffvz dst : CN=Gui_Client [FWM 1012]@xxx gui_connection_sic_plugin: gui client sic name on connection 29. [FWM 1012]@xxx call_handlers_list: conversion success. [FWM 1012]@xxx PM_session_init: given session I(cn=cp_mgmt,o=xxx..a3ffvz;CN=Gui_Client,IP=10.10.4.160;18190;cpmi). [FWM 1012]@xxx PM_policy_query: input session I(cn=cp_mgmt,o=xxx..a3ffvz;CN=Gui_Client,IP=10.10.4.160;18190;cpmi). [FWM 1012]@xxx sicobj_resolve_by_opsec: No object found with SIC name 'CN=Gui_Client,IP=10.10.4.160' [FWM 1012]@xxx Address found in clients file [FWM 1012]@xxx fwm_resolve_gui_clients: accept client CN=Gui_Client,IP=10.10.4.160 [FWM 1012]@xxx PM_policy_query: rule found (ANY;GUI_CLIENTS;ANY;cpmi;asym_sslca(1/2)). [FWM 1012]@xxx PM_policy_query: finished successfully. 1st method = asym_sslca [FWM 1012]@xxx ckpSSL_PrepareConnection: verify mode: 0 [FWM 1012]@xxx My SSL Ciphers: [FWM 1012]@xxx Cipher List: [FWM 1012]@xxx 0: DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 [FWM 1012]@xxx 1: RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 [FWM 1012]@xxx 2: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 [FWM 1012]@xxx ckpSSL_NegotiateStep: current state = before/accept initialization [FWM 1012]@xxx SSL e stack [FWM 1012]@xxx ckpSSL_NegotiateStep: should retry. [FWM 1012]@xxx ckpSSL_NegotiateStep: current state = SSLv3 read client hello B [FWM 1012]@xxx SSL e stack [FWM 1012]@xxx ckpSSL_NegotiateStep: should retry. [FWM 1012]@xxx ckpSSL_NegotiateStep: current state = SSLv3 read client certificate A [FWM 1012]@xxx ckpSSL_NegotiateStep: Current step failed. Error is: 336151570 [FWM 1012]@xxx SSL e stack [FWM 1012]@xxx 1012:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:790 [FWM 1012]@xxx ckpSSL_fwasync_connected: no connections err -3 [FWM 1012]@xxx ckpSSL_fwasync_close: start shutdown [FWM 1012]@xxx ckpSSL_ShutdownHandler: (2) SSLv3 read client certificate A [FWM 101 > -----Original Message----- > From: Idan Dolev > Sent: Mon, March 11, 2002 9:45 AM > To: Checkpoint Mailing List (E-mail) > Subject: gui problem > > Also, > > in cpca.elg I get the error : > main: fw_establish of mgmt port failed > and in fwd.elg I get the error : > fwauthd: cannot run server in.aufpd: Authentication Services are > unavailable. Connection refused. > > fwauthd: cannot run server vpnd: Authentication Services are unavailable. > Connection refused. > > fwauthd: cannot run server mdq: Authentication Services are unavailable. > Connection refused. > > fwauthd: cannot run server xrmd: Authentication Services are unavailable. > Connection refused. > > fwd_log_handler: 53: Log version 20000000 supported, accept connection > -----Original Message----- > From: Idan Dolev > Sent: Mon, March 11, 2002 9:39 AM > To: Checkpoint Mailing List (E-mail) > Subject: gui problem > > HI, > > I have installed NG on 7.1 kernel 2.4.9-3, the installation is out of the > box, I have a license and it seems to be running as it should be, fwd and > fwm are running, but from some reason I can not seem to connect with the > gui, I have defined a user and its ip in the gui-clients, but I get the > message: > authentication to server failed > I am using the right user with the right password. > The 18190 port is up and running. > > > Best regards, > > Idan Dolev > > > > ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|