Hi, Just when I thought I had cracked it !...............help please !
I had two standalone IP440s each with a managment & firewall module.
I wanted to use one as failover, and found that I needed to run the
management module on a third platform to make stateful failover possible.
Having got my licences sorted out, I now have the management module running
successfully on W2K.
However, all is not sweetness & light as, on what will be my failover
IP440, I cannot load a policy from the new management station.
When I try I get :-
policy1.W: Security Policy Script generated into policy1.pf
policy1:
Compiled OK.
Downloading Security Policy C:\WINNT\FW1\4.1\conf\policy1.pf to xxxxxx
Failed to Download Security Policy on xxxxxx: Connection refused
Installing Security Policy on xxxxxx failed
I should mention that I have changed IP addresses too (now running on the
live lan ; changed licences just the once for all requirements while I
could still do it via the CP licence centre) and added the new licence
(which was a VPN/FW module licence only - no Management module) to this
platform using the "-o" option to remove all previous licences.
Now, when I try to start the FW-1 with "fwstart" I get :-
FireWall-1: Loading kernel module...
FW-1: Driver installed
Oct 12 16:47:08 xxxxxx [LOG_CRIT] kernel: FW1 driver loadable interface called.
Module loaded as ID 0
Oct 12 16:47:10 xxxxxx [LOG_CRIT] kernel: FW-1: 3 interfaces installed
FireWall-1: starting VPN-1 Accelerator
FW-1: The VPN Accelerator driver is not responding
VPN-1 Accelerator Card is not enabled
FireWall-1: failed to start VPN-1 Accelerator
FireWall-1: Starting fwd
FireWall-1: Starting fwm (Remote Management Server)
FireWall-1: Fetching Security Policy from localhost
Trying to fetch Security Policy from localhost:
..... and the box is now "hung" ........... so I have obviously missed
something in the transfer of the management module and this firewall is
searching for its policy, locally only. I assume that this is why the
managemengt station cannot perform the load.
Can anyone tell me what I need to do to get around this ? What controls where FW-1
looks for the policy ??
I have a feeling that I have probably missed something else too .... like
authentication keys ?
Many thanks ; always appreciated !
Have a good weekend,
Cheers, Gordon
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
