NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Sic Failure



To do a clean fwm sic_reset, you can follow the procedure outlined by
sk14532. It'll tell guide you in how to remove the existing IKE certificates
without having to manually play with the files.

G'luck,
Michel

-----Message d'origine-----
De : roberto fregoni [mailto:[email protected]]
Envoyé : 4 février, 2003 03:09
À : [email protected]
Objet : [FW-1] Sic Failure


Thanks Mauricio,
I tried with fw sic_reset and it replays me:

There are IKE Certificates that were generated by the
internal Certificate Authority.
Please remove them (using the Policy Editor) so that
the internal Certificate Authority can be destroyed.

SIC Reset operation could not be completed

So, I removed manually from the objects file the certificate and I
repeated the fw sic_reset, cpstop, cpstart, cpconfig, etc...
Now I have again the inspection UNTRUSTED, but the error message I have
when I try to push the policy has changed:

VPN-1/FireWall-1 policy installed successfully on managment...
 VPN-1/FireWall-1 policy installation failed for module inspection...
 Reason: Connection failed - No response from daemon

Wich daemon ?
On may inspection module is running the fwd deamon, maybe must be run
even the fwm one ? If it is, why doesn't start automatically after
installation ?

Any idea is welcome !
Thanks to all.
bye

roberto



You also could try a fw sic_reset.

However, you have to notice that this procedure reset the SIC
communications with other NG modules, and before do it, you have to
manually remove any certificate generated by the CA.

I hope this could help...


====================================
Mauricio F. Muñoz Quevedo
==============================================



|---------+---------------------------------------------->
|         |           roberto fregoni <[email protected]>   |
|         |           Sent by: Mailing list for          |
|         |           discussion of Firewall-1           |
|         |           <[email protected]|
|         |           kpoint.com>                        |
|         |                                              |
|         |                                              |
|         |           01/02/2003 11:37 a.m.              |
|         |           Please respond to Mailing list for |
|         |           discussion of Firewall-1           |
|         |                                              |
|---------+---------------------------------------------->

>---------------------------------------------------------------------------
-------------------|


|
|
  |        To:
[email protected]
|
  |
cc:
|
  |        Subject: [FW-1] Sic
failure                                                           |

>---------------------------------------------------------------------------
-------------------|





Hi all,
I have a managment with NG-FP1 and an inspection with 4.1 (Solaris
platform).
Now I want to substitute the inspection with a new ws with NG FP1 (with
the same name and ip).
Managment and inspection ping each other.
The problem is that the inspection is in UNTRUSTED state and when I try
to install the policy it replays me:

VPN-1/FireWall-1 policy installation failed for module inspection...
 Reason: Connection failed - SIC failure
 VPN-1/FireWall-1 policy installed successfully on managment...

So I stopped fw on inspection and than I started cpconfig in order to
create a new CA.
Then I start GUI and on inspection object I click on Communication but
when I try to initialize (with the same password of cpconfig) it replays

me:

A certificate with this name already exists, please specify a different
name and try again.

There is anybody out there can help me ?
Thanks in advance.
Best regards

roberto

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.