| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] SecuRemote "communication with gateway failed"
- To: [email protected]
- Subject: Re: [FW-1] SecuRemote "communication with gateway failed"
- From: Frank Darden <[email protected]>
- Date: Tue, 12 Aug 2003 13:28:09 -0400
- Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
- Thread-index: AcNgVetIaQHKfAS2T/GmBo9l2NkXnAAoGS2Q
- Thread-topic: [FW-1] SecuRemote "communication with gateway failed"
Sorry for the late reply, haven't been keeping up with the list! :)
Anyway, I have NEVER had to rebuild when making this change. The most
you MIGHT need to do is to perform a SIC reset, but I haven't had to do
this either. I have been on a bunch of Field Service calls lately where
we were in and out in 5 minutes because of this issue. All we did was
change the general tab and push policy, as the internalCa is associating
itself with the external IP. What you are seeing now IS the result of it
being "broken." If you have to rebuild the gateway because of this, I
suggest you study the internal ca aspects of Firewall-1. You will find
that a rebuild is not necessary. Please anyone let me know if your
experience says otherwise.
Frank Darden
Mission Critical Systems, Inc.-----Original Message-----
From: jim parker [mailto:[email protected]]
Sent: Monday, August 11, 2003 6:07 PM
To: [email protected]
Subject: Re: [FW-1] SecuRemote "communication with gateway failed"
Just change the object and make sure the manager can route to the public
address.
I also see this all the time as suggested earlier...
Jim at fixmyfirewall.com
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]] On Behalf Of Hal
Dorsman
Sent: 07 August 2003 19:01
To: [email protected]
Subject: Re: [FW-1] SecuRemote "communication with gateway failed"
> -----Original Message-----
> From: Frank Darden [mailto:[email protected]]
> Sent: Thursday, August 07, 2003 11:29 AM
> To: [email protected]
> Subject: Re: [FW-1] SecuRemote "communication with gateway failed"
>
>
> I commonly see this after an upgrade if the enforcement point is
> defined with its internal ip in the general tab.
Which is how I have it. I am now thinking about the impact on my
rulebase
and perhaps spoofing if I change it on the fly during production hours.
Thoughts? At first thought, I think it wouldn't matter, but would have
to
think about it for awhile to be comfortable. Would you think a complete
rebuild is necessary as Ken suggests, or may this be as simple as
renumbering the gateway and pushing out they new policy?
Thanks very much for the help
Hal
>
> -----Original Message-----
> From: Ken Cameron [mailto:[email protected]]
> Sent: Thursday, August 07, 2003 11:39 AM
> To: [email protected]
> Subject: Re: [FW-1] SecuRemote "communication with gateway failed"
>
>
> I had similar issues with a firewall I upgraded from 4.1 to NG FP3.
> Everything else did fine but not the VPN. In the end I even did the
> upgrade to NG AI, still no luck. In the end I bit hard and deleted and
> reinstalled the whole firewall and rebuilt the rules etc...from the
> start. A pain but now it works fine for VPN. From others and my
> investigations I suspect that some buried items came along in the
> config from 4.1 and somehow prevented the newer system from working.
> Doing the
> complete dump and reinstall would have removed those
> 'vestiges' from the
> config. I hope you find another way, creating all new rules, services,
> users, ... was a long job one weekend.
>
> -ken c
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
|
|
