Hi, I have just done a debug (fw debug fwd on --> fwd.elg) with this result:
[FWD 4314 20026302...@gestionfw[4 Mar 10:39:01] fwValidateCert:certificate - CN=Firewall2,O=gestionfw..hed72t [FWD 4314 20026302...@gestionfw[4 Mar 10:39:01] notBefore: Tue Mar 1 10:44:42 2005 Local Time [FWD 4314 20026302...@gestionfw[4 Mar 10:39:01] notAfter: Mon Mar 1 10:44:42 2010 Local Time [FWD 4314 20026302...@gestionfw[4 Mar 10:39:01] now: Thu Mar 4 10:39:01 2010 Local Time [FWD 4314 20026302...@gestionfw[4 Mar 10:39:01] cert start grace period=7200 cert end grace period=0 [FWD 4314 20026302...@gestionfw[4 Mar 10:39:01] fwValidateCert: certificate is obsolete [FWD 4314 20026302...@gestionfw[4 Mar 10:39:01] ckpSSL_VerifyCertCallback Validate Path failed [FWD 4314 20026302...@gestionfw[4 Mar 10:39:01] SSL e stack [FWD 4314 20026302...@gestionfw[4 Mar 10:39:01] 4314:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certifica te returned:s3_srvr.c:1804 [FWD 4314 20026302...@gestionfw[4 Mar 10:39:01] ckpSSL_NegotiateStep: Current step failed. Error is: 336105650 [FWD 4314 20026302...@gestionfw[4 Mar 10:39:01] ckpSSL_fwasync_connected: no connections err -3 Problems with the certifícate i have done a SIC reset and is OK. Thanks Antonio -----Mensaje original----- De: Mailing list for discussion of Firewall-1 [mailto:fw-1-mailingl...@amadeus.us.checkpoint.com] En nombre de pkc_mls Enviado el: miércoles, 03 de marzo de 2010 15:04 Para: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM Asunto: Re: [FW-1] Problems to install policy after renew cluster certificate Antonio Barrantes a écrit : > Hi everyone, > > I have a problema to install policy after renew cluster certifícate. Hi, can you please indicate how you renewed the certs ? > > Attached text to critical alarm: > > Installation Targets Version Policy Type > Details > ClusterSistemas NG AI Advanced Security > Reason: Internal SSL authentication SSL error [ Unknown ]. ( message from > member Firewall2) > > ClusterSistemas NG AI Advanced Security > VPN-1/FireWall-1 policy installation canceled for Module Firewall1 (member of > ClusterFirewall)... ( message from member Firewall1 ) > ClusterSistemas NG AI Advanced Security > Policy installation canceled. Checkpoint NG AI is not supported anymore, so if you can't solve your issue, don't expect checkpoint support to help you. you should check the logs on the firewall2, and also enable fwm debug on the smartcenter, then check fwm.elg file. > > I didn´t found any information in Checkpoint support. > > Anyone have any solution for it. > > Thanks > > Antonio Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to lists...@amadeus.us.checkpoint.com in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email fw-1-ow...@ts.checkpoint.com =================================================
