[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Sic Failure
To do a clean fwm sic_reset, you can follow the procedure outlined by sk14532. It'll tell guide you in how to remove the existing IKE certificates without having to manually play with the files. G'luck, Michel -----Message d'origine----- De : roberto fregoni [mailto:[email protected]] Envoyé : 4 février, 2003 03:09 À : [email protected] Objet : [FW-1] Sic Failure Thanks Mauricio, I tried with fw sic_reset and it replays me: There are IKE Certificates that were generated by the internal Certificate Authority. Please remove them (using the Policy Editor) so that the internal Certificate Authority can be destroyed. SIC Reset operation could not be completed So, I removed manually from the objects file the certificate and I repeated the fw sic_reset, cpstop, cpstart, cpconfig, etc... Now I have again the inspection UNTRUSTED, but the error message I have when I try to push the policy has changed: VPN-1/FireWall-1 policy installed successfully on managment... VPN-1/FireWall-1 policy installation failed for module inspection... Reason: Connection failed - No response from daemon Wich daemon ? On may inspection module is running the fwd deamon, maybe must be run even the fwm one ? If it is, why doesn't start automatically after installation ? Any idea is welcome ! Thanks to all. bye roberto You also could try a fw sic_reset. However, you have to notice that this procedure reset the SIC communications with other NG modules, and before do it, you have to manually remove any certificate generated by the CA. I hope this could help... ==================================== Mauricio F. Muñoz Quevedo ============================================== |---------+----------------------------------------------> | | roberto fregoni <[email protected]> | | | Sent by: Mailing list for | | | discussion of Firewall-1 | | | <[email protected]| | | kpoint.com> | | | | | | | | | 01/02/2003 11:37 a.m. | | | Please respond to Mailing list for | | | discussion of Firewall-1 | | | | |---------+----------------------------------------------> >--------------------------------------------------------------------------- -------------------| | | | To: [email protected] | | cc: | | Subject: [FW-1] Sic failure | >--------------------------------------------------------------------------- -------------------| Hi all, I have a managment with NG-FP1 and an inspection with 4.1 (Solaris platform). Now I want to substitute the inspection with a new ws with NG FP1 (with the same name and ip). Managment and inspection ping each other. The problem is that the inspection is in UNTRUSTED state and when I try to install the policy it replays me: VPN-1/FireWall-1 policy installation failed for module inspection... Reason: Connection failed - SIC failure VPN-1/FireWall-1 policy installed successfully on managment... So I stopped fw on inspection and than I started cpconfig in order to create a new CA. Then I start GUI and on inspection object I click on Communication but when I try to initialize (with the same password of cpconfig) it replays me: A certificate with this name already exists, please specify a different name and try again. There is anybody out there can help me ? Thanks in advance. Best regards roberto ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|