NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] NG Gateway cluster issue



My SIC is working. I can test it and it says 'Communicating'.
The trust establishes fine. In secureUpdate, the license is attached as
well.

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]] On Behalf Of Wayne
Graves
Sent: Tuesday, May 07, 2002 6:25 PM
To: [email protected]
Subject: Re: [FW-1] NG Gateway cluster issue


 I've had a problem like this for two weeks going between a Solaris 2.8
Management station that starting failing when I took it to FP2 and a
Nokia 740 that was at FP1, I upgraded it to FP2 yesterday and it
continued to fail. I discovered this morning that although the
management station is set for a time zone of California I had to move
the Nokia from the California time zone to GMT and then the internal
Certificates started working, after resetting the SIC. This all worked
fine with the time zones set to California prior to upgrading the
Management station to FP2, from FP1. I am still waiting for a call back
from Checkpoint to discus the problem. If you can't push the
communications button and then hit the Test SIC Status and get a
'Communicating' status then you can't push a policy to any NG firewall.
During this period I could push policies to 4.1 from NG with no problem.

                           Wayne

-----Original Message-----
From: andrevs [mailto:[email protected]]
Sent: Tuesday, May 07, 2002 5:20 AM
To: [email protected]
Subject: [FW-1] NG Gateway cluster issue
Importance: High


Hi,

I installed a Stonebeat FC cluster with two NG FP1 nodes on solaris 8.
Everything worked very well. I had to replace the second node because of
hardware issues. The object 'node2' was already defined in the policy.
So I reset the SIC and re-established the SIC. This worked fine. I'm
able to attach the license to the node (using central licensing).
However, when I add the node to the gateway cluster object, it gives me
a popup 'Revoking certificate' window with a 'General error in
Certificate Authority' message. I' able to close the window, and 'node2'
is actually part of the gateway cluster then. When I push the policy, it
gives me this messages: "VPN-1/FireWall-1 policy installation failed for
module node2...
 Reason: Load on module Failed - No valid FM license"

When I reboot or restart (cpstop&&cpstart) the node, I get this error
message:"Installing Security Policy defaultfilter on all.all@node2
Fetching Security Policy from localhost succeeded
 WARNING: Cannot locate my Network Object
 Failed to read database.
 Probably module was never installed
 Failed to fetch policy from masters in masters file
FireWall-1 started"

I've tried to recreate the 'node2' object. I've tried to create a new
object with a different name. I've tried many time to reset the SIC. The
trust is always established, so I don't think it's a sic issue any more.


Any help would be greatly appreciated.

Cheers
Andre'

Network Security Engineer
Dimension Data Security
Tel: +27 21 659 2540
Fax: +27 21 659 2195
Email: [email protected]
Geek by nature, Unix by choice.

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.