Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Antw: [FW-1] Management NG AI - Module 4.1

To: [email protected]
Subject: [FW-1] Antw: [FW-1] Management NG AI - Module 4.1
From: Daniel Borgmann <[email protected]>
Date: Fri, 5 Sep 2003 10:32:05 +0200
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

We had the same problem. Upgrading a 4.1 managementstation to NG AI
and managing a 4.1 fw-module. to solve the problem we replaced the encryption
method in the conrol.map from skey to fwn1. example:

old:
MASTERS: getkey,gettopo,gettopossl,certreq/none   fwn1_opsec/fwn1 ssl_opsec/ssl */skey
CLIENT : load,db_download,fetch,log/skes    fwn1_opsec/fwn1 ssl_opsec/ssl  */none

new:
MASTERS: getkey,gettopo,gettopossl,certreq/none   fwn1_opsec/fwn1 ssl_opsec/ssl */fwa1
CLIENT : load,db_download,fetch,log/fwa1    fwn1_opsec/fwn1 ssl_opsec/ssl  */none

now it works...

regards
Daniel Borgmann


Triaton GmbH - A company of ThyssenKrupp Serv
Onsite Services - Network Solutions/Internet & Security
Schnieringshof 12 - 45329 Essen
Tel : +49 203 52 68839 / Fax: +49 231 942 13 2137


>>> [email protected] 31.07.03 17:31:46 >>>
Hello,
I have migrated my local managemet and my modules to NG AI. Mgmt is Solaris
9, formerly it was on a different machine with differnt hostname and
different IP.
I also have a remote site FW-1 still with 4.1 Sp6 SSL Hotfix. I am managing
this box still with my old mgmt (4.1 SP6) since i cannot get the new mgmt to
talk to it. The new mgmt has BC installed. First I thought upgrade_im- and
_export would pick the putkeys also, but this did not work. Then I did the
putkeys manually from module to new mgmt and vice versa, I also tried fw
putkey -n, both to no extend.
The remote machine has the right ruleset to allow the new mgmt. When I try
to install a new policy from Smart Center, I get an error "Connection
refused" without any further details. In the logviewer I see the connections
being accepted. fwd.elg shows nothing. Fw fetch also does not work.
So, where is the trick to get my old 4.1 module to speak to my new mgmt? Any
ideas?
Cheers
Steffen

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: [FW-1] <Spam> Re: Your application
Next by Date: [FW-1] <Spam> Re: Thank you!
Previous by thread: [FW-1] <Spam> Re: Your application
Next by thread: [FW-1] <Spam> Re: Thank you!
Index(es):
- Date
- Thread