Re: [FW-1] Problem in setup NG FP3 on Solaris

No success after I unloaded the policy on the firewall module, which CP support told me to do. To ping successfully, I have to uninstall all the Check Point software on the firewall module. Since my Solaris box has small, tiny subnet masks (255.255.255.192) on all the interfaces, I wonder whether CP supports that or not. Later we want to subnet to different subnet masks on the interfaces.

Thanks.

Ryan Jiang

On your firewall module, run a fw unload localhost (to unload the default filter). Try your ping and SIC afterwards.

Nicolas Figaro

Ruiyuan Jiang wrote:

That is what I just did. On the GUI client I added one Check Point node and then tried to communicate with the module, but it failed. When I tried to ping, telnet, etc. to the management station from the module host, I saw a similar message on the module:

# ping "management host"
fwstrmod_filter (out): no interface information (3f33bf0)

The management station can't ping the module either.

Ryan Jiang

Ruiyuan Jiang wrote:

Hi, all

I am in the process of testing a setup of NG FP3 on Solaris 9 in a distributed environment which separates the firewall module and the management server (both Solaris 9). I am thinking of allowing these systems to use only the local hosts file to resolve themselves instead of DNS, etc. I installed SVN Foundation first and then immediately installed the firewall software on these systems. For one system I chose the option "management server" and for the other system the option "firewall module" in "cpconfig". When I launched the GUI client software and tried to connect to the firewall module, I got a message "initialized but not trusted" in the communication section of the Check Point module of the GUI client, even when I unloaded the security policy on the firewall module. I can't communicate with the firewall module host in or out (it seemed as if the network cable was unplugged from the network on the firewall module host). If I delete the Check Point software from the firewall module host so it becomes a regular UNIX host, I can ping, telnet, ftp, etc. in and out of the firewall module host (it seems as if I plugged the network cable back in on the firewall module host). Has anyone seen this problem before?

Thanks in advance.
Ryan Jiang

After the cpconfig, you have to declare your firewall module on the GUI, and set the one-time password for the SIC dialog. (The management will send a certificate to the module, encrypted with a password.) You can test the SIC status on the management console. The module won't accept rules unless the SIC status is OK. This replaces the putkey that was used on older versions (3.0, 4.0, 4.1).

Nicolas Figaro