[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] NG FP1 management problems
Simon, Will try this as soon as I have some spare time again. Thank you for the reply anyway. Met vriendelijke groeten - Bien à vous - Kind regards Guy ROELANDTS EMEA GS Internet Expertise Centre - CCSA & CCSE Compaq Software Engineer - Belgium E-mail : [email protected] Tel: +32(02)729.77.44 (options 3 - 3 - 1) Fax: +32(02)729.77.65 ========================================================== This message may contain confidential and/or proprietary information, and is intended only for the person/entity to whom it was originally addressed. The content of this message may contain private views and opinions which do not constitute a formal disclosure or commitment unless specifically stated. Should you receive this message by mistake please inform the sender immediately. ========================================================== -----Original Message----- From: Churcher, Simon [mailto:[email protected]] Sent: 16 April 2002 14:43 To: [email protected] Subject: Re: [FW-1] NG FP1 management problems Guy, Try the following ... Check that the management has external host entries for each remote module Check that the remote modules have the external address of the management in their hosts file Put two NAT rules on the remote module ... MGMT-NAT > Remote-Module - MGMT-REAL > Original Remote-Module > MGMT-REAL - Original > MGMT-NAT Make sure that the MGMT is only NAT'd on the existing 4.1 firewall in site A Hope this helps simon -----Original Message----- From: Roelandts, Guy [mailto:[email protected]] Sent: Thursday, April 11, 2002 4:40 PM To: [email protected] Subject: [FW-1] NG FP1 management problems Hello, We are currently facing a strange problem since we upgraded one of the installations to NG FP1. The configuration is as follows : a. Internal management server, using a 10.0.7.* address, NAT'ted to an official address b. Firewall module, still at 4.1-SP5, sits in front of this management server c. Several External Firewall modules, getting their policy from a. and logging to a. The problem is the following, when the $FWDIR/masters file contains the Internal management server name, none of the Firewall modules can fetch their security policy, either at boot time or using the fw fetch <management name> command, and the logging fails too. If we replace the name by the External name in the $FWDIR/masters file, the logging works but not the fetch. The only way we made the fetch work is by deleting the object for the External name of the management server and creating a group including his IP address, but at that moment the logging stops working. I think we are missing something ... but can't find what, even looking in the CP doc doesn't help. Is anyone running a distributed NG FP1 environment and wanting to share some of his config files, off-line of course, with me, so I can dig in them to find the differences ? I am pretty sure this has something to do with that bl**** SIC stuff but can't see what. Met vriendelijke groeten - Bien à vous - Kind regards Guy ROELANDTS EMEA GS Internet Expertise Centre - CCSA & CCSE Compaq Software Engineer - Belgium E-mail : [email protected] Tel: +32(02)729.77.44 (options 3 - 3 - 1) Fax: +32(02)729.77.65 ========================================================== This message may contain confidential and/or proprietary information, and is intended only for the person/entity to whom it was originally addressed. The content of this message may contain private views and opinions which do not constitute a formal disclosure or commitment unless specifically stated. Should you receive this message by mistake please inform the sender immediately. ========================================================== ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= The information contained in this message is intended only for the recipient, may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, please be aware that any dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by replying to the message and deleting it from your computer. Thank you, Standard & Poor's ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|