In summary it seems to work now. Have to test some more but now I have a
running gateway and management and I can push rulebases to it.
The workaround currently consists of the following steps:
- creating an install user with uid 0
- modifying /etc/fw.boot/ifdev file, comment out most not used interfaces
- copy default.bin from another R55 installation
- backing out of patch 112963-22
Wilco
Wilco wrote:
Hello Michael,
Thanks for your answer.
I didn't think the V210 was supported with solaris8; but more important,
we usually only support what Sun delivers out of the box, for the V210
this means I have to use either solaris 9 or 10, and for R55 that
means 9.
However, in the meantime I have also made some progress. I tried again
to go around the cpconfig issue with the default.bin from another R55-15
installation. Then I edited /etc/fw.boot/ifdev and commented out most
lines I don't expect to use in the future (the chances that I will later
install a lance or le0 interface in this hardware are "slim" to say the
least) and moved the bge a bit more to the top, right under hme.
That appears to solve most autopush errors.
Finally, Secure Knowledge started working again and there I found an
article describing core dump issues with patch 112963-22 (a
linker-patch). I backed-out of that patch and the VPN-1 driver load
succeeds and the fwm process finally starts and keeps running. No
connection with a gui-client yet, I'll clean the installation and try
again.
thanks,
Wilco
Michael Schwartzkopff wrote:
hi,
I ran into the same problem with the latest Solaris version. I also
tried the solution at phoneboy. But it did not help. I was lucky that
I had old install CDs around. So I gave it up and installed the old
Solaris version. No problems with that.
Greetings, Michael
On Friday, 16 December 2005 17:07, Wilco wrote:
Hello all,
I am setting up a new R55 single gateway system on a Sun Fire V210
running solaris 9. It is a new machine, I am using the most recent 9 sun
alert patch cluster on a solaris9 0803 core install. After the core I
install Disksuite and the minimal needed packages for install (libC,
libCx, ter, admc and admfw).
My first issue was the UnixInstallScript failed with write errors,
I worked around that using
http://www.phoneboy.com/bin/view.pl/FAQs/SolarisInstallAndUpgradeIssueWorkaround
After creating the install user the script install works.
But:
When I run cpconfig after installation to configure the product I choose
to configure the install as a "Smartcenter Express and VPN-1 Express
Gateway", (so both module and management on the same hardware, what used
to be called a single gateway installation).
At the stage
    Generating default filter
I get a segmentation fault which I believe is normal, after that the
config stops with the following error:
    cp: cannot access /opt/CPfw1-R55/state/default.bin
    Cannot copy default filter to /etc/fw.boot
    cpconfig: Configuration aborted.
It turns out the state directory is empty. I have tried re-applying HFA
15, downloaded another R55 wrapper from checkpoint, but I still got this
error.
Once I tried to work around it by using the filterfile from another
HFA15 installation (also on a V210) but then at the boot-security-phase
I get BGE errors:
    FW-1: Autopushing over bge
    ap: ioctl failed: Out of stream resources
    FW-1: bge autopush failed: resetting...
followed by a help text from the autopush (1M) command and a statement
that bge0 is not found in table.
I found references to issues with Sun V210 (or 240) Bge interfaces and
R55 with older HFA's (04 and earlier) but these have been fixed now.
I have tried using the same installation files as on the other V210's (a
HFA 11 wrapper with separate HFA15), tried HFA17 but all fail the
same way. My other V210's are running fine on solaris9 /R55-HFA11 and 15;
only with earlier patch clusters. I tried to find differences in patch
levels of the bge drivers but these are the same (112233-12) on all
machines.
Unfortunately Secure Knowledge doesn't work (500 Internal server
errors), and the bge fixes on google and phoneboy don't work.
I hope anyone can give me some pointers as to how to fix this issue. As
usual I'm under time pressure so any hint would be greatly appreciated.
thanks!
Wilco
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================