|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] Problem in setup NG FP3 on Solaris
That
is what I just did. On the gui client I added one checkpoint node and then I am
trying to communicate the module but failed. When I tried to ping, telnet,etc to
management station from the module host. I saw a similar message on the
module:
# ping
"management host"
fwstrmod_filter (out): no interface information
(3f33bf0)
From
the management station, it can't ping the module either.
Ryan
Jiang
Ruiyuan Jiang a
écrit:
Hi, all
I am in the process to test setup NG FP3 on
Solaris 9 with distributed environment which seperates firewall module and
management server (both Solaris 9). I am thinking to allow these systems
only use local hosts file to resolve themselves instead of DNS, etc. I
installed SVN foundation first and then immediately installed firewall
software on these systems. For one system I chose the option "management
server" and the other one system with option "firewall module" in
"cpconfig". When I launch GUI client software and tried to connect to the
firewall module, I got a message "initilized but not trusted" in the
communication section of the Check Point module of GUI client even when I
unloaded security policy on the firewall module. I can't communicate with
the firewall module host in and out (it seemed that the network cable is
unplugged from network on the firewall module host). If I delete the Check
Point software from the firewall module host so it became a regular UNIX
host, I can ping, telnet, ftp, etc. in and out the firewall module host (it
seems that I plugged network cable on the firewall module host). Does anyone
see this problem before? Thanks in advance.
Ryan Jiang After the
cpconfig, you have to declare your firewall module on the GUI, and set the
one-time password for SIC dialog. (the management will send a certificate
to the module, crypted with a password). You can test the SIC status on
the management console. The module won't accept rules unless the SIC
status is OK. This replaces the putkey that was used on older version
(3.0, 4.0, 4.1).
Nicolas Figaro
|
|