Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Trouble installing policy, NG-FP2/IPSO

To: [email protected]
Subject: Re: [FW-1] Trouble installing policy, NG-FP2/IPSO
From: Jayme Hoburn <[email protected]>
Date: Tue, 13 Aug 2002 14:43:53 -0400
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Title: RE: [FW-1] Trouble installing policy, NG-FP2/IPSO

check the fwm.elg log, that may give you a clue as to why it is failing. It may be that the new policy file is just big enough to fill the filesystem when it is trying to save, check how much space you have free and if possible clean up some of the old stuff and then try it again.

-----Original Message-----
From: Jason Pratt [mailto:[email protected]]
Sent: Tuesday, August 13, 2002 12:38 PM
To: [email protected]
Subject: [FW-1] Trouble installing policy, NG-FP2/IPSO

Hello. I'm having trouble installing a policy from the NT GUI client to my firewall-1 management instance. It fails every time, while saving, with a dialog box stating: "The changes could not be saved. Please make sure that all Firewall-1 services are up and running. For more information use the Status Manager application." I can load, edit, and verify the policy with no trouble. I am not using QoS. Also, saving and installing the /unmodified/ policy works flawlessly (if uselessly.)

Status manager reports 'Ok' status for all FW1 services (FireWall-1, SVN Foundation, Management, VPN-1) except for Floodgate-1, which we have never run. The Management service shows only the GUI client I am using as connected, with the only lock on the database. This is cleared correctly if I exit the GUI client from which I am trying to install the policy.

The firewall is up and running, and performing beautifully - this is a production cluster. The security policy is being enforced correctly. Also, the policy itself is rather small - only ~25 rules, and NAT (22 NAT rules.) This is a standalone configuration - the management and enforcement modules reside together on the single nokia.

This setup has worked up until this week. The last time I installed a policy was Jul 10, and no upgrades, patches, or OS-level changes have been made since then.

I am running checkpoint NG FP2 (build 52213) standalone on a nokia IP330 running IPSO 3.5-FCS6. Disk and memory utilization are fine. I am not able to get a connection to the terminal without being onsite.

Any help or pointers would be appreaciated, thanks!

::ja

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail =================================================
To unsubscribe from this mailing list,
please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected] =================================================

Follow-Ups:
- [FW-1] Remote management of firewall
  - From: Sidharth Bhadani <[email protected]>

Prev by Date: Re: [FW-1] Connection cannot be initiated-NG FP2
Next by Date: [FW-1] Multiple static NAT's on FP1?
Previous by thread: [FW-1] Trouble installing policy, NG-FP2/IPSO
Next by thread: [FW-1] Remote management of firewall
Index(es):
- Date
- Thread