
Re: [FW-1] policy install failure on FW-1 cluster



Sounds like a putkey problem.  If putkeys are messed up you won't have any logging.  I would look at the fwd.elg file on the failing module.  Look to see if it is getting a "Log Server x.x.x.x went down" message.  Also, run tcpdump from the failing module to see what the traffic is doing.
 
-Aaron
 
 
 
 -----Original Message-----
From: Mauricio Munoz [mailto:[email protected]]
Sent: Wednesday, December 11, 2002 11:29 AM
To: [email protected]
Subject: Re: [FW-1] policy install failure on FW-1 cluster


It could be loss of putkeys.

====================================
Mauricio F. Muñoz Quevedo



Firewall Security <[email protected]>
Sent by: Mailing list for discussion of Firewall-1 <[email protected]>

11/12/2002 10:53 a.m.
Please respond to Mailing list for discussion of Firewall-1

       
        To:        [email protected]
        cc:        
        Subject:        [FW-1] policy install failure on FW-1 cluster



-Hello-
 
Today when I tried to push a policy to our firewall cluster I received the following error:
 
=====================================
Our setup:
Twin Nokia ip440s (in vrrp mode) sp5a ipso, 3.4.1
=====================================
 
ERROR MSG:
 
policyname.W: Security Policy Script generated into policyname.pf
policyname:
Compiled OK.

 
Downloading Security Policy C:\WINNT\FW1\4.1\conf\WMLFWRUN2.pf to firewallname-gc
Downloading pxmail (member of firewallname-gc)
Downloading member firewall1 succeeded

 
Downloading pxmail2 (member of firewallname-gc)
Downloading member firewall2 failed: Connection refused
Downloading to cluster firewallname-gcpartially succeeded (1 from 2)

 

Installing Security Policy C:\WINNT\FW1\4.1\conf\WMLFWRUN2.pf on
all.all@firewallname (member of firewallname-gc)
Installing Security Policy on firewall1 succeeded

 

Installing Security Policy on Cluster firewallname-gc did not complete

 
Done.
 
 
The secondary (backup) firewall is online, reachable via ICMP (internally), telnet and via Voyager.  Nothing is even showing up in the logs.  Ideas?
 
We would appreciate any help!