Check Point is usually pretty good about backwards compatability, but
I've never seen a software manufacturer do firewards compatability....
Check Point would definitely say that your management console must be
the most current - regardless of authentication, moduels change, object
formats might change, libraries change, etc.
Jason Murray wrote:
>
> Okay, I've given up hunting for a solution. Likely I can't even do what I am
> trying to do. Here are the facts.
>
> I have a management server version 4.0 build 4094. It is using s/key between
> itself and two firewall modules (also version 4.0 build 4094). Everything is
> working fine.
>
> I am trying get this management server to communicate with a new firewall
> module that was just installed. This new module is running version 4.1 build
> 41439.
>
> In my initial attempt, I edited the control.map and changed all occurrences
> of fwa1 to skey. Then I used on the management server I do: "fw putkey -n
> <address of management server> <address of firewall module>" and enter a
> password when prompted. On the firewall module I do: "fw putkey -n <address
> of firewall module> <address of management server>" and enter the same
> password as entered on the management server. This, according to all the
> documentation that I can find is all you should need to do.
>
> The only other thing I have tried is to put a NON-ENCRYPTED line in the
> firewall modules control.map, on the off chance that this might work. It
> does mention to do this on the 4.1 management server to talk to older
> firewall modules, so I thought what the heck.
>
> The error that I get when I try to push the policy to this new host is:
> Authentication for command load failed
> Failed to Install Security Policy on <new firewall>: Unauthorized action
>
> Any help that you can provide would be appreciated.
> Am I stuck upgrading my management server to 4.1?
>
> Thanks in advance.
>
> --Jason Murray - 3588 (Mike)
> "Our greatest glory is not in never falling, but in rising every time we
> fall."
> -Confucius
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
