Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] RE: [FW-1] Poor man´s Mgmt server HA II

To: [email protected]
Subject: [FW-1] RE: [FW-1] Poor man´s Mgmt server HA II
From: "Loesch, John" <[email protected]>
Date: Fri, 12 Apr 2002 12:38:04 -0400
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Sounds like you putkeys are out of sync (which would make sense if the
backup files were not current).  Try reissuing putkeys on both the
management server and the firewall modules...

-----Original Message-----
From: James Schnack [mailto:[email protected]]
Sent: Friday, April 12, 2002 11:01 AM
To: [email protected]
Subject: [FW-1] Poor man´s Mgmt server HA II

I'll try to re-phrase my previous posting, and see if I make it more
"attractive" so as to get a reply (or at least shorter!)...  ;)

Say a Solaris 8 box running as a Mgmt station for 2 FW modules goes down. I
have copies of the needed files to rebuild that box on an exact same piece
of HW.

After everything is installed, and files are copied over to the new box, I
point my GUI client to it and get kicked out immediately with an
"Authorization Failure" message.

What could I be missing ? gui-clients and fwmusers file are there already.

TIA,

James

--------------------------------------------

Hi,

I have a Mgmt server running VPN-1 NG FP1 on Solaris 8. Have an additional
Sun box that works as a backup (poor man´s Mgmt HA is what you´d call
this...), when required.

Scripts are run periodically on the active Mgmt server that copy several
files to the backup box (which is connected to the network, and has a
different IP address): objects, rulebases, users, etc. etc. If active Mgmt
server fails, a couple of scripts are manually run on the backup box which
"convert" it to the active Mgmt (including a change of IP address).

After doing this "conversion", I am unable to log in with a GUI client to
the backup box [which now impersonates the Mgmt server]. I am quickly kicked
out with an "Authorization failure" message.

I have copied over gui-clients and fwmusers files to the right location. I
thought this would be enough, but obviously it´s not.

Maybe there´s something different in the way NG validates GUI client users ?
Or am I missing something here, regardless of version ?

Any thoughts will be appreciated.

Thanks and regards,

J.

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] Disable SR cleartext topology request in NG FP2
Next by Date: [FW-1] Out Of Office Reply
Previous by thread: [FW-1] Synchronisation of translation tables
Next by thread: [FW-1] RE: [FW-1] Poor man´s Mgmt server HA II
Index(es):
- Date
- Thread