Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Ip of the Management station translated

To: [email protected]
Subject: [FW-1] Ip of the Management station translated
From: Marcus Vinicius <[email protected]>
Date: Thu, 21 Aug 2003 20:15:42 -0300
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Dear Sir,

        I'm newbie on NG and besides the fact that a lot of e-mails were
send back and forth about this problem I'm having a hard time to make my
enforcement module fetch the policy from the management server. Below is my
scenario:


Manager Station        Translation         Manager_NATed Station
Network          Enforcement Module
                          -------------------------->
-------------------------->
(172.20.50.150)        Router Cisco                (10.0.48.150)
Private Net              (10.200.51.100)


        Both, manager and enforcement module, are running NG-AI. We have the
following objects already defined:

- Manager: defined in the conversion of the rules from 4.1 to NG as a
"Interoperable Device" type host, "primary management station". I changed it
later from host to gateway (still as a "Interoperable Device"). It keeps the
rule base;
- Manager_NATed: defined manually as a "CheckPoint Object" type host,
"secondary management station";
- Piratininga (enforcement module): it was defined automatically in the
conversion of the rules from 4.1 to NG as a "Check Point" object. The two
objects above are defined as masters in this object (Piratininga --> Logs
and Masters --> masters).

        In this scenario, the log is been sent to the IP address of the
Manager_NATed and received correctly by the Manager after the IP translation
and the rules are also correctly applied from the Manager to the enforcement
module. But every time the enforcement module tries to fetch the rules from
the Manager_NATed (the TCP connection is being established) the following
message appears: "Peer sent SIC name that is different than the one
configured for it on Module".

Could, please, anyone help me with that?

Thanks in advance.

Marcus Vinicius Ferreira Correia
Cetip - Central de Custódia e de Liquidação Financeira de Títulos
Av. República do Chile, 230/11 andar - Centro - Rio de Janeiro - R.J.
Tel.: 55-21-2276-7544   Fax: 55-21-2276-7471
E-mail: [email protected]

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] Checkpoint and Nokia
Next by Date: [FW-1] arp question for statically net address
Previous by thread: [FW-1] PFS settings on NG-FP3-HF2 <-> v41-SP6 VPN Tunnel
Next by thread: [FW-1] arp question for statically net address
Index(es):
- Date
- Thread