[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Fetching Security Policy from 10.0.3.15 failed

To: Heiko Ploehn <ploehn@amps.de>
Subject: Re: [FW1] Fetching Security Policy from 10.0.3.15 failed
From: fw <fw@killhup.cx>
Date: Sat, 30 Oct 1999 10:48:25 -0400 (EDT)
cc: Geoff Kasten <gkasten@dimension.net>, fw-1-mailinglist@lists.us.checkpoint.com
In-Reply-To: <199910291905.OAA15807@hale-bopp.ts.checkpoint.com>
ReSent-Date: Wed, 10 Nov 1999 14:15:55 -0900 (AKST)
ReSent-From: Mail account <mailarch@shmoo.com>
ReSent-Message-ID: <Pine.BSF.4.05.9911101415540.10822@archimedes.shmoo.com>
ReSent-Subject: Re: [FW1] Fetching Security Policy from 10.0.3.15 failed
ReSent-To: mailarch@shmoo.com
Sender: owner-fw-1-mailinglist@lists.us.checkpoint.com



Geoff:

Have you changed the Ip of the mangaement station or daemon lately?

We ran into this problem when we changed some IP's and could not get them
to sync ever again, what we finally did was edit a file
$FWDIR/database/authkeys.C, near the top you will see an entry 
	:myname (1.2.3.4)
with 1.2.3.4 being the IP address of the respective machine you are one.
Check the files on both management and daemon to ensure that IP matches
the one you are useing and change if nessissary.  After the edit
everything synced back up.

Good luck,

Kell

On Fri, 29 Oct 1999, Heiko Ploehn wrote:

> 
> Hi Geoff,
> 
> I know it sounds silly, but did you try to redo the fw putkey in both 
> direction between both machines. If this don't help you can try to reinstall 
> the licenses. I have had within FW-1 4.0 this problem sometimes. I've even 
> seen such configurations running on friday and on monday we had to reinstall 
> the licenses to get working again. In my opinion there arised a bit of 
> instability with version 4.0 in this area. With  3.0 I didn't see this before.
> 
> Maybe this helps.
> 
> Heiko Ploehn
> 
> 
> > 
> >  This problem is driving me crazy.  If anyone could help I would really
> > appreciate it.  The firewall module cannot communicate with management
> > module, but the management module can push rulebases to the firewall.
> > It is a one way communication.  Usually you have to do a
> > (fwstop;fwstart) on the firewall and this will allow the two to
> > communicate again.  When it does the fw start it tries fetching the rule
> > base from the management module and fails and kicks back and loads it
> > locally.  I know this will also happen when the putkeys are out of sync,
> > but I am not getting an authentication problem.
> > 
> > If I try doing a fw fetch from the firewall and I get this message.
> > 
> > gw-1# fw fetch 10.0.3.15
> > Trying to fetch Security Policy from 10.0.3.15:
> > Fetching Security Policy from 10.0.3.15 failed
> > 
> > Could it be there is a problem with the management module?
> > 
> > The firewall is:
> > A: firewall trying to connect to the mm, but it fails
> > B: mm can push to the firewall
> > 
> > 
> > ideas.  I have searched everywhere and have had not luck. I have also
> > checked the license and they seemed to be okay.  They are evals that
> > expire on 30nov99.  They have been working just fine for two weeks.
> > Thanks in advance.
> > 
> > Geoff
> > 
> > 
> > 
> > ================================================================================
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ================================================================================
> > 
> 
> -- 
> Dr. Heiko Ploehn                               AM Professional Services GmbH
> Tel.: +49 89 64916339                          Geschwister-Scholl-Str. 4
> Fax.: +49 89 6411636                           82031 Gruenwald
> email ploehn@amps.de
> 
> 
> 
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] 3DES Authorization
Next by Date: RE: [FW1] Caught in the middle
Prev by thread: RE: [FW1] 3DES Authorization
Next by thread: RE: [FW1] Caught in the middle
Index(es):
- Date
- Thread