Did they do a fwm debug and see anything? How about a truss? In some of cases, if you do a truss, the FWM proccess will show that this file is not accessible, and needs to be deleted so the software can recreate it:
In your case, replace /opt/cpshared/5.0/ with mdenv CMA_IP ; $FWDIR Solution ID: #sk11442 Product: FireWall-1 Version: NG Last Modified: 15-Apr-2005 Symptoms Error messages in "Install Policy" window Error: "ndb_open database 'magic number corrupt' /opt/cpshared/5.0/database/session.NDB" Cause The /opt/cpshared/5.0/database/session.NDB file is corrupted Solution To generate a new /opt/cpshared/5.0/database/session.NDB file, proceed as follows: On the Management Soerver 1. In the command prompt, issue cpstop. 2. Remove the /opt/cpshared/5.0/database/session.NDB file. 3. In the command prompt, issue cpstart. 4. Reinstall the Policy. Note: This file is used to hold session oriented information used while the VPN-1/FireWall-1 Module is running. It will be regenerated after the Policy is installed again. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of cisco4ng Sent: Thursday, July 20, 2006 9:53 PM To: [email protected] Subject: [FW-1] Issues Provider-1 NG Feature Pack 3 with HFA-318 running on Solaris 9 Hi everyone, Anyone still running P-1 NG Feature Pack 3 with HFA-318 on Solaris 9 in your environment? I have a P-1 distributed environment (separate Manager & Containers). Every now and then, one of the CMAs just stops working for no reason at all. In other words, the fwm process just dies for no reason. I tried to stop/start from the MDG without success. I even tried to do mdsstop_customer cma-ip and mdsstart_customer cma-ip and that didn't work either. I also tried "mdsenv cma-ip" and then cpstop;cpstart and that too didn't work either. Basically the fwm process is somehow corrupted beyond repair. I escalated this problem to checkpoint TAC but they have been useless as usual. My only option is to restore from backup tape all the directory of that particular CMA (i.e. mdsenv; cd $MDSDIR/customers/xxx). Obviously, this is not what I prefer because I do lose some changes for that CMA in the last 24 hours. At $1500 per ticket that we have to Checkpoint for tech support, my personal feeling is that if I spend this on a professional escort service, unlike checkpoint, the outcome is definitely satisfactory with first class service -:) I am wondering if anyone in this list experiencing the same issue that I am experiencing now. I like to hear from you. As always, thanks. cisco4ng --------------------------------- How low will we go? Check out Yahoo! Messenger's low PC-to-Phone call rates. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ------------------------------------------------------------------------------ This message is intended only for the personal and confidential use of the designated recipient(s) named above. If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited. This communication is for information purposes only and should not be regarded as an offer to sell or as a solicitation of an offer to buy any financial product, an official confirmation of any transaction, or as an official statement of Lehman Brothers. Email transmission cannot be guaranteed to be secure or error-free. Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such. All information is subject to change without notice. -------- IRS Circular 230 Disclosure: Please be advised that any discussion of U.S. tax matters contained within this communication (including any attachments) is not intended or written to be used and cannot be used for the purpose of (i) avoiding U.S. tax related penalties or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
