Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Migration of CP NG FP2 management station

To: [email protected]
Subject: [FW-1] Migration of CP NG FP2 management station
From: Sidharth Bhadani <[email protected]>
Date: Thu, 29 Aug 2002 10:56:44 +0800
In-reply-to: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

*This message was transferred with a trial version of CommuniGate(tm) Pro*
Hi All,

I am trying to migrate a management module which is presently running on
nokia IP330 together with the enforcement to a separate Windows server.

In regard to the migration of the management modules I have some doubts.
I am 1st laying down the steps which I followed in this migration.

1. I backed up the following files from the $fwdir/conf directory of
Nokia  IP330.
        i)objects_5_0.C
        ii)fwauth.NDB
        iii)InternalCA.*
        iv)ICA*.*
        v)sic_cert.p12

I installed the primary management module on windows 2000 server (SP2).
I initialize the certificate authority and FQDN.

I replaced the above mentioned files in winnt\FW1\NG\conf\ directory. I
started the management module but when I tried connecting using policy
editor, the GUI client crashed when it was showing "loading rules" in
the progress bar.

2. I replace the following files from $FWDIR/conf directory in addition
to the files mentioned in step 1.
        i)cmprulebase.fws
        ii)fgrulebases_5_0.fws
        iii)lcrulebase_5_0.fws
        iv)slprulebases_5_0.fws
After doing step 2 I can open the policies from policy editor. The
problem is now I can't see my primary management station object. Also
whenever I click on any checkpoint gateway objects (enforcement modules)
I get the following error
"Unable to contact Certificate Authority on the management Station
.Please make sure the certificate Authority daemon is running."

Also when I try editing the object I get this error
"The generation of internal CA certificate failed. This node will not be
able to perform certain VPN-1 operations that require this certificate".

The SIC between the module and enforcement is also not initialized.

I think I need to edit some files manually to include my primary
management module objects to work with the imported files but I am not
sure of the steps. If someone has done this before please advice on what
should be done.

Need your help badly,

Thanks and regards
Sidharth

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- [FW-1] TCP out of state and install policy
  - From: Raymond N <[email protected]>

Prev by Date: [FW-1] VPN question
Next by Date: Re: [FW-1] VPN question
Previous by thread: [FW-1] TCP out of state and install policy
Next by thread: Re: [FW-1] TCP out of state and install policy
Index(es):
- Date
- Thread