[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] NG Gateway cluster issue
My SIC is working. I can test it and it says 'Communicating'. The trust establishes fine. In secureUpdate, the license is attached as well. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Wayne Graves Sent: Tuesday, May 07, 2002 6:25 PM To: [email protected] Subject: Re: [FW-1] NG Gateway cluster issue I've had a problem like this for two weeks going between a Solaris 2.8 Management station that starting failing when I took it to FP2 and a Nokia 740 that was at FP1, I upgraded it to FP2 yesterday and it continued to fail. I discovered this morning that although the management station is set for a time zone of California I had to move the Nokia from the California time zone to GMT and then the internal Certificates started working, after resetting the SIC. This all worked fine with the time zones set to California prior to upgrading the Management station to FP2, from FP1. I am still waiting for a call back from Checkpoint to discus the problem. If you can't push the communications button and then hit the Test SIC Status and get a 'Communicating' status then you can't push a policy to any NG firewall. During this period I could push policies to 4.1 from NG with no problem. Wayne -----Original Message----- From: andrevs [mailto:[email protected]] Sent: Tuesday, May 07, 2002 5:20 AM To: [email protected] Subject: [FW-1] NG Gateway cluster issue Importance: High Hi, I installed a Stonebeat FC cluster with two NG FP1 nodes on solaris 8. Everything worked very well. I had to replace the second node because of hardware issues. The object 'node2' was already defined in the policy. So I reset the SIC and re-established the SIC. This worked fine. I'm able to attach the license to the node (using central licensing). However, when I add the node to the gateway cluster object, it gives me a popup 'Revoking certificate' window with a 'General error in Certificate Authority' message. I' able to close the window, and 'node2' is actually part of the gateway cluster then. When I push the policy, it gives me this messages: "VPN-1/FireWall-1 policy installation failed for module node2... Reason: Load on module Failed - No valid FM license" When I reboot or restart (cpstop&&cpstart) the node, I get this error message:"Installing Security Policy defaultfilter on all.all@node2 Fetching Security Policy from localhost succeeded WARNING: Cannot locate my Network Object Failed to read database. Probably module was never installed Failed to fetch policy from masters in masters file FireWall-1 started" I've tried to recreate the 'node2' object. I've tried to create a new object with a different name. I've tried many time to reset the SIC. The trust is always established, so I don't think it's a sic issue any more. Any help would be greatly appreciated. Cheers Andre' Network Security Engineer Dimension Data Security Tel: +27 21 659 2540 Fax: +27 21 659 2195 Email: [email protected] Geek by nature, Unix by choice. ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|