NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] NG Gateway cluster issue



Hi,

I installed a Stonebeat FC cluster with two NG FP1 nodes on solaris 8.
Everything worked very well. I had to replace the second node because of
hardware issues. The object 'node2' was already defined in the policy.
So I reset the SIC and re-established the SIC. This worked fine. I'm
able to attach the license to the node (using central licensing).
However, when I add the node to the gateway cluster object, it gives me
a popup 'Revoking certificate' window with a 'General error in
Certificate Authority' message. I' able to close the window, and 'node2'
is actually part of the gateway cluster then. When I push the policy, it
gives me this messages: "VPN-1/FireWall-1 policy installation failed for
module node2...
 Reason: Load on module Failed - No valid FM license"

When I reboot or restart (cpstop&&cpstart) the node, I get this error
message:"Installing Security Policy defaultfilter on all.all@node2
Fetching Security Policy from localhost succeeded
 WARNING: Cannot locate my Network Object
 Failed to read database.
 Probably module was never installed
 Failed to fetch policy from masters in masters file
FireWall-1 started"

I've tried to recreate the 'node2' object. I've tried to create a new
object with a different name. I've tried many time to reset the SIC. The
trust is always established, so I don't think it's a sic issue any more.


Any help would be greatly appreciated.

Cheers
Andre'

Network Security Engineer
Dimension Data Security
Tel: +27 21 659 2540
Fax: +27 21 659 2195
Email: [email protected]
Geek by nature, Unix by choice.

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.