Depending on what the problem is, such as failure to establish SIC, there is another reason. We had our management server connected to the enforcement module via a crossover cable during the initial setup and all was well. When we pointed the management server's default gateway at the network router, SIC could no longer be established even though the enforcement module internal interface and the management server were on the same subnet.
If we changed the management server's default gateway to point at the internal IP of the enforcement module, SIC could be established but then we could not connect to the management server from remote GUI clients.
Turned out that the management server needs a route to the EXTERNAL interface of the enforcement module. The router lacked such a route even though it had a route to the internal interface. Took a few weeks to figure this one out.
Ray Pesek, CISSP
From: Shawn Behrens <[EMAIL PROTECTED]> Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: [FW-1] Port of Management Server in CHKPNT NG AI Date: Tue, 30 Dec 2003 12:03:51 -0500
Close but no cigar. NG uses CPD, and CPD_amon for monitoring; where 4.1 used FW1, and FW1_amon. CPD is TCP 18191, and CPD_amon is TCP 18192.
Correct, CPMI on 18190 is used for GUI to mgmt communication.
Regards
Shawn Behrens Integralis/Activis Managed Security Services 111 Founders Plaza East Hartford, CT 06108 1-860-528-5458
> -----Original Message----- > From: J. Ruff [mailto:[EMAIL PROTECTED] > Sent: Tuesday, December 30, 2003 11:24 AM > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] Port of Management Server in CHKPNT NG AI > > > CPMI is Mgmt Client --> Mgmt Server. The service you're > looking for is > FW1 (tcp/256). > > > > I think it's CPMI, but I may be wrong. > > Can't you try to use the tracker to see the connection > while it's being > > made? > > > > -----Original Message----- > > From: Mailing list for discussion of Firewall-1 > > [mailto:[EMAIL PROTECTED] On > Behalf Of Rajveer > > Kushwah > > Sent: Tuesday, December 30, 2003 5:38 PM > > To: [EMAIL PROTECTED] > > Subject: [FW-1] Port of Management Server in CHKPNT NG AI > > Importance: High > > > > HI, > > > > Can anybody tell me whats the port no which is being used by the > > management > > server to communicate with the Enforcement module in CHKPNT > NG AI - R54? > > > > Please help ASAP. > > > > Regards, > > Rajveer > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= >
Please note that:
1. This e-mail may constitute privileged information. If you are not the intended recipient, you have received this confidential email and any attachments transmitted with it in error and you must not disclose, copy, circulate or in any other way use or rely on this information. 2. E-mails to and from the company are monitored for operational reasons and in accordance with lawful business practices. 3. The contents of this email are those of the individual and do not necessarily represent the views of the company. 4. The company does not conclude contracts by email and all negotiations are subject to contract. 5. The company accepts no responsibility once an e-mail and any attachments is sent.
http://www.integralis.com
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
_________________________________________________________________ Check your PC for viruses with the FREE McAfee online computer scan. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
