
List:       firewall-1
Subject:    Re: [FW-1] Comm. between Mgmt-Console and fw-1-modul via
From:       Bill Osterman <wosterman1 () COMCAST ! NET>
Date:       2002-04-30 17:35:26

First.  On the firewall enforcement module -->
     fw putkey <ipaddressofmgmt>
     <type in key>
     <confirm key>
     fwstop
     fwstart

Second.  On management station (I am assuming NT) -->
     remove "remote module"
     add "remote module"
     <type in key>
     <confirm key>
     accept restart of firewall service

Test.  Use netstat -an or policy download to verify connectivity between the
two.  If it still does not work, repeat enforcement module steps above one
more time and test.  This almost always works for me.

If this still does not work, there are files you can remove and start from
scratch.  Do it on the enforcement point.  You will want to verify this
before trying as I am recalling from memory and have not had to do it in a
long time.

     in $FWDIR/conf directory rename all files containing "auth" and "key" in them.
     in $FWDIR/database (I forget the exact name of the directory) do the same.
     stop and start the firewall service
     do the fw putkey thing
     stop and start the firewall service again.






----- Original Message -----
From: "Ralf Hanl" <rhanl@HIT-CONSULTING.NET>
To: <FW-1-MAILINGLIST@beethoven.us.checkpoint.com>
Sent: Monday, April 29, 2002 12:26 PM
Subject: [FW-1] Comm. between Mgmt-Console and fw-1-modul via redirector


> I want to connect our management module to the firewall-1 module via a
> Linux machine (2 NICs) with xinetd as redirector.
> I think I only need the TCP-Ports 256,257,258 to get the communication up
> and work.
>
> But I still have a problem with the communication. When installing the
> policy, the management module says:
>
> Downloading Security Policy /etc/fw/conf/Standard.pf to gatekeeper1
> Authentication for command load failed
> Failed to Download Security Policy on gatekeeper1: Unauthorized action
> Installing Security Policy on gatekeeper1 failed
>
> I think, I have a problem with the putkey command and the master file, or
> something like that.
>
> The firewall concept we use looks like that, we cannot use NAT, because there
> are applications which do not support it:
>
>
>                                       Internet
>                                          I
>                                         fw1
>                                          I
>                                         HUB
>                     official IPs         I
>                   ----------------     Proxy
>                     rfc IPs              I
>                                         HUB
>                                          I
>                                         fw1
>                                          I
>                                  Management Module
>
> Thanks a lot in advance
>
> b.r.
>
> Ralf Hanl
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to LISTSERV@lists.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner@ts.checkpoint.com
> =================================================
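
A cautious way to carry out the rename step from the reply above, as an added example that is not part of the original message or of Check Point's tooling: it lists the matching files first, renames them only when told to apply, and keeps a manifest so the step can be undone. The function names, the suffix and the manifest filename are assumptions, and "auth" and "key" are read as either-substring matches.

```shell
#!/bin/sh
# Added example (not from the original message). Renames files whose names
# contain "auth" or "key" in one directory, with a dry run and an undo.
# Assumption: "auth" and "key" are treated as either-substring matches.
# Function names, suffix and manifest filename are hypothetical.

MANIFEST_NAME=set_aside.manifest
TAB=$(printf '\t')

# set_aside DIR SUFFIX [apply]
# Without "apply" it only prints what would be renamed.
set_aside() {
    dir=$1; suffix=$2; mode=${3:-dry-run}
    [ -d "$dir" ] && [ -n "$suffix" ] || { echo "usage: set_aside DIR SUFFIX [apply]" >&2; return 1; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue                 # regular files only
        case ${f##*/} in
            *"$suffix") continue ;;             # already set aside earlier
            *auth*|*key*) ;;                    # candidate
            *) continue ;;
        esac
        if [ "$mode" = apply ]; then
            mv -- "$f" "$f$suffix" || return 1
            # Record new name and original name so restore() can undo it.
            printf '%s\t%s\n' "$f$suffix" "$f" >> "$dir/$MANIFEST_NAME"
            echo "renamed: $f -> $f$suffix"
        else
            echo "would rename: $f"
        fi
    done
}

# restore DIR - put every file listed in the manifest back under its old name.
restore() {
    manifest=$1/$MANIFEST_NAME
    [ -f "$manifest" ] || { echo "no manifest in $1" >&2; return 1; }
    while IFS=$TAB read -r moved orig; do
        if [ -f "$moved" ] && [ ! -e "$orig" ]; then
            mv -- "$moved" "$orig"
        fi
    done < "$manifest"
    rm -f -- "$manifest"
}
```

Called as `set_aside "$FWDIR/conf" .old` it only lists candidates; adding `apply` as a third argument performs the renames, and `restore "$FWDIR/conf"` reverses them.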
