[FW-1] RE: [FW-1] Poor man´s Mgmt server HA II
Here are some ideas:

1) Re-configure your firewall modules to talk to the new management server (cpconfig), and vice versa. You probably also need to move the license to the new server too, unless you are failing the hostname/IP address over to the new machine, then you may be OK. Redo putkeys.
2) You may need to have another object in your policy representing the secondary management station, if its IP/hostname is different.
3) Also, you may try resetting your password via fwm -a.
4) If all else fails, on your management server look at the $FWDIR/log/fwm.elg file or the fwui.log file and they may point you in the right direction.

-----Original Message-----
From: James Schnack [mailto:[email protected]]
Sent: Friday, April 12, 2002 11:01 AM
To: [email protected]
Subject: [FW-1] Poor man´s Mgmt server HA II

I'll try to re-phrase my previous posting, and see if I make it more "attractive" so as to get a reply (or at least shorter!)... ;)

Say a Solaris 8 box running as a Mgmt station for 2 FW modules goes down. I have copies of the needed files to rebuild that box on an exact same piece of HW. After everything is installed, and files are copied over to the new box, I point my GUI client to it and get kicked out immediately with an "Authorization Failure" message.

What could I be missing? gui-clients and fwmusers file are there already.

TIA,
James

--------------------------------------------

Hi,

I have a Mgmt server running VPN-1 NG FP1 on Solaris 8. Have an additional Sun box that works as a backup (poor man´s Mgmt HA is what you´d call this...), when required.

Scripts are run periodically on the active Mgmt server that copy several files to the backup box (which is connected to the network, and has a different IP address): objects, rulebases, users, etc.

If active Mgmt server fails, a couple of scripts are manually run on the backup box which "convert" it to the active Mgmt (including a change of IP address).
After doing this "conversion", I am unable to log in with a GUI client to the backup box [which now impersonates the Mgmt server]. I am quickly kicked out with an "Authorization failure" message.

I have copied over gui-clients and fwmusers files to the right location. I thought this would be enough, but obviously it´s not. Maybe there´s something different in the way NG validates GUI client users? Or am I missing something here, regardless of version?

Any thoughts will be appreciated.

Thanks and regards,
J.

=================================================
To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [email protected]
=================================================