
[FW-1] Certificate Authority and OPSEC




We have Checkpoint NG (no feature packs) on Solaris 8 and I'm trying to set up an OPSEC client connection to the LEA server (Micromuse probe). I am unable to get my OPSEC application to the 'trust established' state.

The probe is locally installed on the management module and the enforcement modules are also logging to the management module.

We have since found that the FW Management module's Certificate Authority object refers to the OLD hostname, while the management server host DN refers to the current hostname of the FW management module.


Should these be the same, and if so, could this be the problem?
If so, why doesn't this affect the communications with the enforcement modules?
Is it because they are external to the mgmt module and therefore use a different method of authentication?

Do you know if it's possible to correct this situation without reinstalling the FW manager completely?

Regards

Adrian Elford

Network Management Specialist
Nortel Networks
Global Professional Services

Tel +44 1480 453013 (ESN 861 7147)
Mob +44 7740 671211 (ESN 748 1211)



-----Original Message-----
From: Stephan Pauly [mailto:[email protected]]
Sent: 25 July 2002 16:03
To: [email protected]
Subject: [FW-1] Upgrade from FP1 to FP2 failes


Hi,

I've got a problem with the FP2 upgrade installation:

Firewall-Installation as follows:

Management Server FP1, Sparc, Solaris 8
Primary & Secondary Node in Hot Standby, also FP1, Sparc, Solaris 8


I could successfully upgrade the management station and secondary node (I
didn't touch the primary node so far, because I wanted to ensure first
that everything works fine with FP2), at least the install script
reported no errors. But: after that, the installation of the security
policy always fails with the following error message:

----------

VPN-1/FireWall-1 policy installation failed for module node2 (member of
IDSINTFW)...
 Reason: Load on module Failed - Version defined on FW object, does not
match version installedLoad on module Failed - Unable to set module conf
to files
 VPN-1/FireWall-1 policy installed successfully on node1  (member of
IDSINTFW)...

VPN-1/FireWall-1 policy installation completed with errors for the
cluster IDSINTFW

----------


As you can see, the policy installation fails on node2, but completed
on node1, although it's still on FP1!? This is a little bit
strange...
I already checked the version setting of the firewall objects in the
rulebase but it looks ok (set to FP2), so what's wrong here?

Bye,
Stephan




   All contents © 2004 Network Presence, LLC. All rights reserved.