[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] Unable to save policy - NG FP2

To: [email protected]
Subject: Re: [FW-1] Unable to save policy - NG FP2
From: "Bartlett, Jon" <[email protected]>
Date: Tue, 10 Dec 2002 08:52:40 -0700
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>
Good Call Paul,
I will try to apply the patch this week as well and will report back.

Thanks!!
Jon

-----Original Message-----
From: Paul McAtasney [mailto:[email protected]]
Sent: Tuesday, December 10, 2002 3:25 AM
To: [email protected]
Subject: Re: [FW-1] Unable to save policy - NG FP2

Check my previous post regarding Sun Alert 48601. You'll need to be at
kernel patch 17 with 113652-01 - I haven't upgraded my machine yet (plan to
this weekend), but it looks like that will resolve the problem.

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of Bartlett,
Jon
Sent: 09 December 2002 20:32
To: [email protected]
Subject: Re: [FW-1] Unable to save policy - NG FP2

We have the exact same error. Our config is below, we also have a ticket
open with Checkpoint escalated to Israel.

Firewall-1/VPN-1 NG FP3
Policy Server NG FP3
SmartView Monitor NG FP3
(everything on one box)
Solaris 8 64-bit
Sun Ultra 5
Single 400Mhz sparc processor
256MB Ram
Kernel patch is 108528-17
Using patch cluster from 11/25/02
Open Boot Prom 3.31

We have some admin accounts with only read/write access to the users
database and read only to the objects database ~ when these admins login
things seem to go bad.

This all started after our upgrade to FP3. During these errors I have seen
drops in log viewer for the the loopback address and received errors when
running cpstat that the amon server is unavailable.

We also receive the following error when we try to compile the rulebase in
Policy Editor (Dumb Dashboard):
Failed to resolve candidate firewall_application_(firewall object name)
Failed to install Policy

So far I have been successful at installing the policies via command line ~
I am going to test some rule changes today and will post back.

We have had nothing but problems since upgrading to NG, before the upgrade
to FP3 we received core dumps from cpd during each restart, occasional from
vpnd. We are moving over to a Nortel Solution ~ Checkpoint has been infected
by Microsoft and can no longer write good code for Unix.

Jon Bartlett
The Ryland Group, Inc.
Phoenix, AZ


-----Original Message-----
From: Russ Aspinwall [mailto:[email protected]]
Sent: Monday, December 09, 2002 9:34 AM
To: [email protected]
Subject: Re: [FW-1] Unable to save policy - NG FP2

Sun E220R
1GB RAM
Single 450Mhz sparc processor
Running Solaris 2.8 (2/02 edition) in 64-bit mode
Kernel patch is 108528-16
Using patch cluster from Oct/17/02

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of Paul
McAtasney
Sent: Thursday, November 28, 2002 5:04 AM
To: [email protected]
Subject: Re: [FW-1] Unable to save policy - NG FP2


Russ,

Can you give me details of your hardware platform? What kernel patch are you
running? Is it 32 or 64-bit?

Regards Paul.

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of Russ
Aspinwall
Sent: 21 November 2002 16:23
To: [email protected]
Subject: Re: [FW-1] Unable to save policy - NG FP2

I have the exact same problem with NG FP3 under Solaris 8,I have been
working with our support provider, who has in turn put a ticket in with
Checkpoint about this problem.

I tried downing and re-upping the loopback after I read your message and it
temporarily solved my problems as well (it breaks again after 15 - 45
minutes).

Have you tried to modify your firewall object when it is in this state? I
get the following when I do so:
Unable to contact Certificate Authority on the Management Station.
Please make sure the Certificate Authority daemon is running.

It acts like a CA problem, but we have done a sic_reset and recreated the CA
numerous times to no avail.

If I can provide any other info to assist in getting this solved I would be
happy to!

Thanks,

Russ

***************************************************
Russ Aspinwall, A+, Network+, I-Net+, CIW Associate
Network Administrator
Kalamazoo College

phone:fax:e-mail: [email protected]

---
"Nerd is so negative; I prefer digitally enabled."
***************************************************

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of Paul
McAtasney
Sent: Thursday, November 21, 2002 9:59 AM
To: [email protected]
Subject: [FW-1] Unable to save policy - NG FP2


Hi,

Occasionally, my firewall (NG FP2 running on Solaris 8) won't allow me to
make any changes. When I try to save, the following message appears

"The changes could not be saved. Please make sure the Firewall1 services are
up and running. For more information use the Status Manager application."

The status manager shows all services are running fine and there doesn't
appear to be anything untoward with the Unix box. The problem is resolved by
a reboot, but can reoccur hours or days later. I subsequently noticed that
when this problem is happening, I am unable to ping localhost (although
ifconfig -a reports it as being UP and RUNNING). Bringing the lo0 interface
down and up again will resolve the firewall problem (until it happens
again).

Can anyone offer me an insight into a possible cause?

Regards Paul.

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
Follow-Ups:
- Re: [FW-1] Unable to save policy - NG FP2
  - From: Russ Aspinwall <[email protected]>
Prev by Date: Re: [FW-1] FP3/Win2k Crash problem
Next by Date: Re: [FW-1] Upgrade Firewall/VPN1 from 4.1 to NG fP2
Prev by thread: Re: [FW-1] Unable to save policy - NG FP2
Next by thread: Re: [FW-1] Unable to save policy - NG FP2
Index(es):
- Date
- Thread