{\rtf1\ansi\deff0{\fonttbl {\f0\fswiss\fcharset0 Arial;}{\f1\fswiss\fprq2 Arial;}}
{\colortbl ;\red0\green0\blue255;}
\uc1\pard\cf1\lang1033\ulnone\f0\fs20 Also ensure that the time is set correctly on both firewall and firewall manager, and that the fw putkey is done at the same time on both servers.\par
\par
A command I have found very useful to check comms between manager and firewall is\par
\par
fw stat -long Fwb\par
\par
When everything is working it will return the status of the remote firewall.\par
\par
\par
Adrian\par
\par
\pard\li360\cf0\protect\f1\fs16 -----Original Message-----\par
\protect0\pard\protect\fi-1440\li1800\tx1440\b From:\tab\b0 Churcher, Simon [SMTP:[EMAIL PROTECTED]]\par
\b Sent:\tab\b0 Sunday, February 18, 2001 11:19 PM\par
\b To:\tab\b0 'Roelandts, Guy'; '[EMAIL PROTECTED]'\par
\b Subject:\tab\b0 RE: [FW1] 4.1-SP2 Management Server problem\par
\protect0\pard\protect\li360\f0\fs20\par
\par
Hi,\par
\par
I'm not sure how to debug the firewall, but here are the steps that I\par
would take and that have worked several times:\par
\par
*\tab Ensure that DNS resolves FWb on FWb and the External Address of the\par
management module to the object names\par
*\tab Stop the management station\par
*\tab Stop the FW module on FWb\par
*\tab do 'fw putkey <ext. IP of FWb>' on the management station (then\par
enter the secret key)\par
*\tab on FWb, do 'fw putkey <int IP of mgmt> <ext IP of management>'\par
*\tab Start management module\par
*\tab Start FWb module\par
*\tab In the 'masters' file on FWb, make sure you have the ext. IP address\par
(or host name) of the management module and the internal address of the\par
management module\par
\par
I hope this is of some use.\par
\par
regards,\par
\par
simon\par
\par
-----Original Message-----\par
From: Roelandts, Guy [\cf1\ul mailto:[EMAIL PROTECTED]\cf0\ulnone ]\par
Sent: 18 February 2001 19:53\par
To: '[EMAIL PROTECTED]'\par
Subject: [FW1] 4.1-SP2 Management Server problem\par
\par
\par
\par
Hi all,\par
\par
I am currently facing a problem with a new installation.\par
\par
In fact I have a Management Server sitting behind a Firewall,\par
let's call them MGMT and FWa, this management server serves also\par
another Firewall, let's call it FWb.\par
\par
Between MGMT and FWa everything works fine, FWb can fetch its\par
security policy from MGMT, but MGMT fails to push the security\par
policy to FWb. I get the message : Authentication failed for\par
command load, I am almost 100% sure this is a key issue, because\par
when I disable the authentication, by modifying the control.map,\par
everything works fine.\par
\par
I have done, re-done and re-done again the putkeys on both MGMT\par
and FWb ... but it still fails, I have read quite some postings from\par
the CheckPoint support site, from this mailing list archives and also\par
from the Phoneboy site ... but still problems. I have re-installed\par
the Firewall from scratch, removed the keys on both systems by\par
editing the authkeys.C files, I have removed the client from the\par
clients file of MGMT and removed the management server from the masters\par
file on FWb.\par
\par
Last thing that might be important MGMT is NATted, statically of course.\par
\par
Three questions : \par
\par
1. is there a way to debug this ? I know you can fw fetch -d, but is\par
there a way to do it the other way in debug mode ?\par
\par
2. just to be sure, what is the exact syntax of the fw putkey command to\par
use on both systems ? I found several different ones \par
\par
3. is there a place on either MGMT or FWb where I could look for a\par
hint ? an error ?\par
\par
Met vriendelijke groeten - Bien \'e0 vous - Kind regards\par
\par
Guy ROELANDTS\par
Compaq Software Engineer - Belgium\par
E-mail : [EMAIL PROTECTED]\par
Tel: +32(02)729.77.44 (options 3 - 3 - 1)\par
Fax: +32(02)729.77.65\par
\par
\par
================================================================================\par
To unsubscribe from this mailing list, please see the instructions at\par
\cf1\ul http://www.checkpoint.com/services/mailing.html\cf0\ulnone\par
================================================================================\par
\par
\par
\par
}