[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Initial SIC Comm. failure after upgrade to NG FP1

To: [email protected]
Subject: Re: [FW-1] Initial SIC Comm. failure after upgrade to NG FP1
From: "Kalat, Andrew (ISS Atlanta)" <[email protected]>
Date: Fri, 31 May 2002 16:40:00 -0400
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

As a follow up, we have narrowed the problem down to the "cpd" process not
starting, and therefore not listening for SIC connection on port 18211.

By starting the cpd process manually, we are able to establish SIC and push
policy.

Any further insight as to what may be causing cpd to not start would be
greatly appreciated.
Thanks.

Andy

> -----Original Message-----
> From: Kalat, Andrew (ISS Atlanta)
> Sent: Friday, May 31, 2002 10:34 AM
> To: [email protected]
> Subject: [FW-1] Initial SIC Comm. failure after upgrade to NG FP1
>
>
> Good day all,
>         In upgrading a number of remote FW modules, we are
> seeing about 50%
> failing to make the initial SIC connection after the reboot
> during install.
> This, along with the default filter, locks us out of the FW
> and makes our
> life very difficult.
>
> We are following the exact same procedure for each module, 3
> have worked
> fine, 3 have failed. We do not yet see a pattern as to why these are
> failing.
>
> Our resolution has been to use the cpconfig utility on the
> remote firewall
> to reestablish the one time password. This is painful though
> when we have
> remote boxes and no one to console in for us.
>
> Has anyone else seen similar problems? If so, any insight
> into what may be
> causing them and how to avoid/resolve? Any way to stop the
> default filter
> from installing would be helpful as well, or at least leave
> us a door into
> the box.
>
> Details:
> All FW boxes are Solaris 2.7 running 4.1, SP5.
> Management is Solaris 8, NG, FP2.
>
> Thanks.
> Andy
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: [FW-1] "Content Encoding Type Not Allowed" using CVP on NG FP2
Next by Date: Re: [FW-1] CheckPoint on Linux (is iptables doing the work)?
Prev by thread: [FW-1] Initial SIC Comm. failure after upgrade to NG FP1
Next by thread: [FW-1] VPN Problem ERROR OCCURRED SKEME:IKE
Index(es):
- Date
- Thread