Re: [FW-1] NG FP1 management problems
Richard,

Thank you for the input. This configuration was working just fine in 4.1, having used the same trick as you, masters file containing both entries NAT'ted and unNAT'ted addresses, but NG does not use this anymore. It seems to get the node info from the objects_5_0.C file, and it needs a certificate on the top, which my NAT'ted object does not have.

Met vriendelijke groeten - Bien à vous - Kind regards

Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSA & CCSE Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options 3 - 3 - 1)
Fax: +32(02)729.77.65

==========================================================
This message may contain confidential and/or proprietary information, and is intended only for the person/entity to whom it was originally addressed. The content of this message may contain private views and opinions which do not constitute a formal disclosure or commitment unless specifically stated. Should you receive this message by mistake please inform the sender immediately.
==========================================================

-----Original Message-----
From: Richard Marshall [mailto:[email protected]]
Sent: 16 April 2002 14:43
To: [email protected]
Subject: Re: [FW-1] NG FP1 management problems

Don't know if this will help, as not using NG yet... but I use both the internal and external names of the management server in the masters file, having defined internal and external names/IPs on the firewall hosts files.

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Roelandts, Guy
Sent: 11 April 2002 4:40 PM
To: [email protected]
Subject: [FW-1] NG FP1 management problems

Hello,

We are currently facing a strange problem since we upgraded one of the installations to NG FP1.

The configuration is as follows :

a. Internal management server, using a 10.0.7.* address, NAT'ted to an official address
b. Firewall module, still at 4.1-SP5, sits in front of this management server
c. Several External Firewall modules, getting their policy from a. and logging to a.

The problem is the following: when the $FWDIR/masters file contains the Internal management server name, none of the Firewall modules can fetch their security policy, either at boot time or using the fw fetch <management name> command, and the logging fails too.

If we replace the name by the External name in the $FWDIR/masters file, the logging works but not the fetch.

The only way we made the fetch work is by deleting the object for the External name of the management server and creating a group including its IP address, but at that moment the logging stops working.

I think we are missing something ... but can't find what, even looking in the CP doc doesn't help.

Is anyone running a distributed NG FP1 environment and wanting to share some of his config files, off-line of course, with me, so I can dig in them to find the differences ?

I am pretty sure this has something to do with that bl**** SIC stuff but can't see what.

Met vriendelijke groeten - Bien à vous - Kind regards

Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSA & CCSE Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options 3 - 3 - 1)
Fax: +32(02)729.77.65
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================