Is this a Nokia? There is a known issue with upgrading a Nokia to R61 in that it does just what you said: It loads the initial policy instead of the existing one. I don't think the article applied to R62, though. I think the "workaround" in the Nokia article was to use a console cable to restore access, as sad as that sounds.
Ray > Date: Tue, 11 Dec 2007 21:09:08 -0500 > From: [EMAIL PROTECTED] > Subject: Re: [FW-1] boot security > To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM > > Bill, the firewall should not be loading the initial policy because it > can't contact the management server. > > The initial policy is loaded after first install and upon version > upgrades. After you install the a real policy it should be running that > policy even when it cannot contact the management server, as the > firewall starts it should load the local copy of the last installed > policy. > > If you're pushing an upgrade remotely, prior to rebooting, re-login and > use the "control_bootsec -r" command to make sure it doesn't run the > initial policy so you can get back in. > > Otherwise, you need to troubleshoot what's happening to your local > policy copy. > > David Barker > Senior Security Engineer > Internet Security Division, Compuquip Technologies > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf Of Bill > Smith > Sent: Tuesday, November 27, 2007 3:44 PM > To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM > Subject: [FW-1] boot security > > Hi Guys, > > We have few FW-1s scattered all over the world. NGX R61 and R62 > None of them have console access. > > To prevent them from blocking access. I have downloaded a document, > sk21436, and followed instruction 1 by 1. (customized Default filter) > But still being blocked once the enforcement module can't contact the > management server. The enforcement module loads it localpolicy. > > By modifying the InitialPolicy, I thought I am ok. But still being > locked out. > > Anyone has done this before and got it working, plz give me some > advice. > > Thx in advance. > > Bill > > > --------------------------------- > Never miss a thing. Make Yahoo your homepage. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= _________________________________________________________________ i’m is proud to present Cause Effect, a series about real people making a difference. http://im.live.com/Messenger/IM/MTV/?source=text_Cause_Effect Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
