Hi there is no incomming ssh connection, as long as I leave the polic installed. If I disable the policy, everything runs fine.
But the strange thing: the policy allows ssh, and, as said, the connection appears also as accepted in the Tracker. The ssh is also only a example, the same behaviour I experience with ICMP: ping from SmartCenter to ClusterNode: *works when: - policy disabled OR - HFA_02 uninstalled OR - the source is the active Cluster node *works NOT - HFA_02 installed AND - Source is anything except the second Cluster Node pkc_mls schrieb: > Markus Schmidt a écrit : >> Hi, >> >> I've installed the R61 HFA_02 on my Smart Center and on the standby >> Cluster node. >> However, I'm not able to connect anymore to that Clusternode via ssh >> from my SmartCenter. The Policy allows that connection, and I can see it >> as allowed in the SmartTracker, also. >> >> In addition, I'm able to connect to that Clusternode via ssh from the >> other (active) Clusternode, wich runs without HFA_02 so far. >> If I disable the policy, or remove the HFA_02 from my standby Cluster, I >> can connect to him as expected. >> >> Anyone seen such a behaviour? >> > hello, > > did you check with a tcpdump if the ssh connection from the smartcenter > was fine ? > check in the /etc/ssh/sshd_config that the daemon listen to all the IPs > (ListenAddress parameter). > confirm with a netstat -an. > the ssh is already configured to log, so run "grep -w sshd > /var/log/messages" to see if there > is any entry that match the connection you tried to initialize. >> regards, Markus >> > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= -- Markus Schmidt Tel.: ++49-351-3 18 09 27 interface systems GmbH Fax.: ++49-351-3 36 11 87 Tolkewitzer Straße 49 E-Mail: [EMAIL PROTECTED] D-01277 Dresden Ein Unternehmen der interface:business-Gruppe ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
