Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Unable to push a policy until fw unloadlocal is performed

To: [email protected]
Subject: [FW-1] Unable to push a policy until fw unloadlocal is performed
From: andrevs <[email protected]>
Date: Wed, 5 Jun 2002 08:36:58 +0200
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

"Unable to push a policy until fw unloadlocal is performed"

 I have a NG FP2 cluster running on 3 solaris 8 machines. 2
nodes/enforcement
 points and 1 MGMT.
 The High Availability package is running on both NG enforcement points with
 stonebeat version 3.
 I've configured the SICs and licenses within NG. The 2 Nodes are defined on
 the MGMT by their external ip addresses,
 but these are all connected by a seperately defined internal ip address
 range. When trying to push a
 policy I get the following:

 VPN-1/FireWall-1 policy installed successfully on fw-node1 (member of
 FW-cluster)...
 VPN-1/FireWall-1 policy installation failed for module fw-node2 (member of
 FW-cluster)...
 Reason: Connection failed - No response from daemon

 When I perform a fw unloadlocal on the fw-node1 node, the policy can be
 succesfully pushed. The policy
 is always successfully pushed to the other node (fw-node2)

 When trying to test the SICs, this works after a fw unloadlocal, but fails
 once the policy is pushed.
 I've tried resetting the SICs as well as removing and re-adding the NG
 packages on the fw-node1 node.

 i.e.:

 fw-node1 - 196.24.6.2
 fw-node1 - 196.24.6.3

 Management Station - 10.36.4.10
 internal-node1 - 10.36.4.11
 internal-node2 - 10.36.4.12

 ------->>>>>>> Please note the ip's are fictional!!! <<<<<<<<------------

 Static routes have been configured on the MGMT machine to get to the legal
 ip's via the respective Nodes. i.e:

 route add host 196.24.6.2 10.36.63.11
 route add host 196.24.6.3 10.36.63.12

 Any help would be appreciated!
-Andre'

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- [FW-1] fw_filterid Error
  - From: Slim ZOUAOUI <[email protected]>

Prev by Date: Re: [FW-1] Static NAT Question
Next by Date: [FW-1] fw_filterid Error
Previous by thread: [FW-1] Client Auth
Next by thread: [FW-1] fw_filterid Error
Index(es):
- Date
- Thread