NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] NG FP1 management problems

  • To: [email protected]
  • Subject: Re: [FW-1] NG FP1 management problems
  • From: "Roelandts, Guy" <[email protected]>
  • Date: Tue, 16 Apr 2002 15:50:45 +0200
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcHlSqIfk5cDWzVDQRaJadnSUT+mPAAAv58A
  • Thread-topic: Re: [FW-1] NG FP1 management problems
Simon,

   Will try this as soon as I have some spare time again.

   Thank you for the reply anyway.

Met vriendelijke groeten - Bien à vous - Kind regards
Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSA & CCSE
Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options 3 - 3 - 1)
Fax: +32(02)729.77.65
==========================================================
This message may contain confidential and/or proprietary information,
and is intended only for the person/entity to whom it was originally
addressed. The content of this message may contain private views and
opinions which do not constitute a formal disclosure or commitment
unless specifically stated. Should you receive this message by mistake
please inform the sender immediately.
==========================================================


-----Original Message-----
From: Churcher, Simon [mailto:[email protected]]
Sent: 16 April 2002 14:43
To: [email protected]
Subject: Re: [FW-1] NG FP1 management problems


Guy,

Try the following ...

Check that the management has external host entries for each remote module
Check that the remote modules have the external address of the management in
their hosts file
Put two NAT rules on the remote module ...
        MGMT-NAT > Remote-Module - MGMT-REAL > Original
        Remote-Module > MGMT-REAL - Original > MGMT-NAT
Make sure that the MGMT is only NAT'd on the existing 4.1 firewall in site A

Hope this helps

simon

-----Original Message-----
From: Roelandts, Guy [mailto:[email protected]]
Sent: Thursday, April 11, 2002 4:40 PM
To: [email protected]
Subject: [FW-1] NG FP1 management problems


Hello,

    We are currently facing a strange problem since we upgraded one of the
installations to NG FP1.

     The configuration is as follows :

        a. Internal management server, using a 10.0.7.* address, NAT'ted to
an official address

        b. Firewall module, still at 4.1-SP5, sits in front of this
management server

        c. Several External Firewall modules, getting their policy from a.
and logging to a.

     The problem is the following, when the $FWDIR/masters file contains the
Internal management
        server name, none of the Firewall modules can fetch their security
policy, either at boot
        time or using the fw fetch <management name> command, and the
logging fails too.

      If we replace the name by the External name in the $FWDIR/masters
file, the logging works
        but not the fetch.

     The only way we made the fetch work is by deleting the object for the
External name of the
        management server and creating a group including his IP address, but
at that moment the
        logging stops working.

     I think we are missing something ... but can't find what, even looking
in the CP doc doesn't help.

     Is anyone running a distributed NG FP1 environment and wanting to share
some of his config
        files, off-line of course, with me, so I can dig in them to find the
differences ?

     I am pretty sure this has something to do with that bl**** SIC stuff
but can't see what.

Met vriendelijke groeten - Bien à vous - Kind regards
Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSA & CCSE
Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options 3 - 3 - 1)
Fax: +32(02)729.77.65
==========================================================
This message may contain confidential and/or proprietary information,
and is intended only for the person/entity to whom it was originally
addressed. The content of this message may contain private views and
opinions which do not constitute a formal disclosure or commitment
unless specifically stated. Should you receive this message by mistake
please inform the sender immediately.
==========================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================


The information contained in this message is intended only for the recipient, may be privileged and confidential and protected from disclosure.
If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, please be aware that any dissemination or copying of this communication is strictly prohibited.
If you have received this communication in error, please immediately notify us by replying to the message and deleting it from your computer.


Thank you,
Standard & Poor's

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.