[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] SecuRemote "communication with gateway failed"
Sorry for the late reply, haven't been keeping up with the list! :) Anyway, I have NEVER had to rebuild when making this change. The most you MIGHT need to do is to perform a SIC reset, but I haven't had to do this either. I have been on a bunch of Field Service calls lately where we were in and out in 5 minutes because of this issue. All we did was change the general tab and push policy, as the internalCa is associating itself with the external IP. What you are seeing now IS the result of it being "broken." If you have to rebuild the gateway because of this, I suggest you study the internal ca aspects of Firewall-1. You will find that a rebuild is not necessary. Please anyone let me know if your experience says otherwise. Frank Darden Mission Critical Systems, Inc.-----Original Message----- From: jim parker [mailto:[email protected]] Sent: Monday, August 11, 2003 6:07 PM To: [email protected] Subject: Re: [FW-1] SecuRemote "communication with gateway failed" Just change the object and make sure the manager can route to the public address. I also see this all the time as suggested earlier... Jim at fixmyfirewall.com -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Hal Dorsman Sent: 07 August 2003 19:01 To: [email protected] Subject: Re: [FW-1] SecuRemote "communication with gateway failed" > -----Original Message----- > From: Frank Darden [mailto:[email protected]] > Sent: Thursday, August 07, 2003 11:29 AM > To: [email protected] > Subject: Re: [FW-1] SecuRemote "communication with gateway failed" > > > I commonly see this after an upgrade if the enforcement point is > defined with its internal ip in the general tab. Which is how I have it. I am now thinking about the impact on my rulebase and perhaps spoofing if I change it on the fly during production hours. Thoughts? At first thought, I think it wouldn't matter, but would have to think about it for awhile to be comfortable. Would you think a complete rebuild is necessary as Ken suggests, or may this be as simple as renumbering the gateway and pushing out they new policy? Thanks very much for the help Hal > > -----Original Message----- > From: Ken Cameron [mailto:[email protected]] > Sent: Thursday, August 07, 2003 11:39 AM > To: [email protected] > Subject: Re: [FW-1] SecuRemote "communication with gateway failed" > > > I had similar issues with a firewall I upgraded from 4.1 to NG FP3. > Everything else did fine but not the VPN. In the end I even did the > upgrade to NG AI, still no luck. In the end I bit hard and deleted and > reinstalled the whole firewall and rebuilt the rules etc...from the > start. A pain but now it works fine for VPN. From others and my > investigations I suspect that some buried items came along in the > config from 4.1 and somehow prevented the newer system from working. > Doing the > complete dump and reinstall would have removed those > 'vestiges' from the > config. I hope you find another way, creating all new rules, services, > users, ... was a long job one weekend. > > -ken c > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|