Hello guys,
Yesterday I gave my customer a visit to work on this issue and after hours
of troubleshooting, I finally got it resolved although I'm not quite sure
why my solution worked, so I'm wondering if someone can help me a bit with
that and in that way I might be able to polish things a
Sergio Alvarez [EMAIL PROTECTED] wrote:
An obvious solution would be to change the masters file to point to
the IP of the SMC instead of its hostname, but I had tried that in the
past working on a different deployment and had found out the system
Thanks David,
Actually I went through those steps, although I added the hostname manually
to the /etc/hosts file and it got removed when the system rebooted, so I
checked and found the option to do it via Voyager. The commands you provided
to add those hosts via CLI will be useful for my commands
Sergio,
Based off your description, it appears the problems are coming off how SMC
is 'hide-natt'd. Tweaking 'hosts' file anyways is not going to help nor
would it help tweaking the 'masters' file. The $FWDIR/conf/masters file is
auto-generated once SIC is established and policy pushed depending
I forgot to mention one last critical element and that is once you have
edited the $FWDIR/conf/masters file to reflect the SMC IP under Logging, fw
module would require 'cpstop/cpstart'.
-r
On 7/21/07, Rajeev Gupta [EMAIL PROTECTED] wrote:
Sergio,
Based off your description, it appears the
Thanks a lot Rajeev, I will see if we can try that soon, although it could
take some time depending on how busy my customers are and how possible it is to
cpstop that machine.
Anyway your idea makes a lot of sense.
I appreciate your reply.
On 7/21/07, Rajeev Gupta [EMAIL PROTECTED] wrote:
I forgot
hi,
I guess your mgmt is static NATed and your remote module has no
access to the internal IP of the smc. but it tries to send the logs
to the internal IP instead of the NATed IP of the smartcenter.
please try to create a secondary-mgmt-object with the NATed IP of the
smartcenter server and
Hi Reinhard,
I thought Check Point NG with AI R54 and higher was supposed to fix this.
Under the NAT tab, there is a check box that is supposed to take care
of this. The solution you suggested is for NG Feature Pack 3 or lower.
Reinhard Stich [EMAIL PROTECTED] wrote:
hi,
I guess your
I would start like this:
Do a 'netstat -an | grep 257', for example, to see your module/s connection
status - is it established to the SMC IP or what???
Second debug 'fwd' on both the SMC and FW module 'fw debug fwd on' - leave
it on for a minute or two to capture data and look through
Thanks a lot for all your input guys.
I still haven't had the chance to get my hands on those boxes, that was
supposed to happen today, but my customer called to cancel and it will be
tomorrow afternoon.
My customer deployed the remote Nokia on his own and basically all the boxes
involved
Hello,
We have a deployment with a SmartCenter (SMC) over SPLAT, a couple of Nokia
boxes running IPSO Clustering in front of that SMC, and an extra fw module
also running over Nokia in a remote location.
Everything runs Check Point NGX R60 HFA05.
The remote fw module is new and we have SIC
database to it, it will ignore the 257 that it gets.
-GS
-Original Message-
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Sergio
Alvarez
Sent: Wednesday, July 18, 2007 7:54 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Problem
[mailto:[EMAIL PROTECTED] On
Behalf Of Sergio Alvarez
Sent: Wednesday, July 18, 2007 10:03 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: Re: [FW-1] Problem with logs
Thanks for replying Scott,
I'll try the cprestart and cleaning the logs folder, but I'm not quite
sure what did you
Of Sergio
Alvarez
Sent: Wednesday, July 18, 2007 7:54 PM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] Problem with logs
Hello,
We have a deployment with a SmartCenter (SMC) over SPLAT, a couple of Nokia
boxes running IPSO Clustering in front of that SMC, and an extra fw module
also
We were having issues with our logs being dropped due
to high sync load. When I would login to the firewall
it would take a while to login, put the user in and
the password prompt would take a couple of minutes
which means I need to remove the DNS.
So I removed the DNS settings out of the Nokia,
to
Mailing list for discussion of Firewall-1
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
To
FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
cc
Subject
Re: [FW-1] Problem with Logs
hi,
do you have an active-active cluster? we had some situation where fw1
tries to hide outbound dns-traffic behind
Thanks, but the management server has 20gb free.
Check the settings for Logs and Masters on your Management object
Lars
Hi, I have a splat NG R55 Enforcement module and the Smart Center Server on
a Windows machine.
The problem that I have, it's that I connect to Smart Center with
SmartTracker, it doesn't receive logs.
It shows only logs that say: The log repository quota has been exceeded. No
file could be
check disk space in your management
-Original Message-
From: Mailing list for discussion of Firewall-1
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Sent: 07/12/2005 01:36 p.m.
Subject: [FW-1] Problem with logs
Hi, I have a splat NG R55 Enforcement module and the Smart Center Server
Thanks, but the management server has 20gb free.
-Original Message-
From: Lino Eduardo Avila Rodríguez [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 07, 2005 4:00 PM
To: 'Alvaro Gastambide '; 'Mailing list for discussion of Firewall-1 '
Subject: RE: [FW-1] Problem with logs