[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] Poor manīs Mgmt server HA II
I'll try to re-phrase my previous posting, and see if I make it more "attractive" so as to get a reply (or at least shorter!)... ;) Say a Solaris 8 box running as a Mgmt station for 2 FW modules goes down. I have copies of the needed files to rebuild that box on an exact same piece of HW. After everything is installed, and files are copied over to the new box, I point my GUI client to it and get kicked out immediately with an "Authorization Failure" message. What could I be missing ? gui-clients and fwmusers file are there already. TIA, James -------------------------------------------- Hi, I have a Mgmt server running VPN-1 NG FP1 on Solaris 8. Have an additional Sun box that works as a backup (poor man´s Mgmt HA is what you´d call this...), when required. Scripts are run periodically on the active Mgmt server that copy several files to the backup box (which is connected to the network, and has a different IP address): objects, rulebases, users, etc. etc. If active Mgmt server fails, a couple of scripts are manually run on the backup box which "convert" it to the active Mgmt (including a change of IP address). After doing this "conversion", I am unable to log in with a GUI client to the backup box [which now impersonates the Mgmt server]. I am quickly kicked out with an "Authorization failure" message. I have copied over gui-clients and fwmusers files to the right location. I thought this would be enough, but obviously it´s not. Maybe there´s something different in the way NG validates GUI client users ? Or am I missing something here, regardless of version ? Any thoughts will be appreciated. Thanks and regards, J.
================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|