Please do not forget to turn off when you are completely done....

cpca_client set_mgmt_tool off

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Bob Grabbe
Sent: Tuesday, July 29, 2008 3:17 PM
To: [email protected]
Subject: Re: [FW-1] Trying to recreate vpn certificate

OK, this worked, but in my excitement over something actually working, I may have revoked and deleted the wrong certificate. I'm now unable to open the gui management program. I get the error that I can't make the connection, and to be sure the firewall is up and running with my workstation defined as a gui client.

It's a start, at least. I'll have to wait until I get home to see if the vpn is working; Monday will be for getting the gui to work again.

Thanks for all suggestions, I do feel like I'm getting closer to it.

Bob Grabbe
Michigan Proteome Consortium
[EMAIL PROTECTED]

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Previtera, Sal
Sent: Friday, August 01, 2008 2:51 PM
To: [email protected]
Subject: Re: [FW-1] Trying to recreate vpn certificate

Try without https: turn on the internal CA mgmt tool (cpca_client set_mgmt_tool on -no_ssl) and then browse to http://FW IP:18265

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Bob Grabbe
Sent: Friday, August 01, 2008 12:30 PM
To: [email protected]
Subject: Re: [FW-1] Trying to recreate vpn certificate

I try to enable this with the following command:

Cpca_client set_mgmt_tool on -p 18265 -a -a

Just get "Error while trying to set the management tool"

Bob Grabbe
Michigan Proteome Consortium
[EMAIL PROTECTED]

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Previtera, Sal
Sent: Friday, August 01, 2008 12:14 PM
To: [email protected]
Subject: Re: [FW-1] Trying to recreate vpn certificate

Have you tried using the ICA certificate management tool?

https://<yourserverIPaddress>:18265

If it is not enabled then you have to enable it using the cpca_client command locally on the server.

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Bob Grabbe
Sent: Friday, August 01, 2008 9:46 AM
To: [email protected]
Subject: Re: [FW-1] Trying to recreate vpn certificate

Yes, this is all on one computer. The only other box involved is an Edge device in another building that I have configured as an externally managed device. I've even tried deleting the edge device from the config and still haven't been able to delete the vpn cert.

Bob Grabbe
Michigan Proteome Consortium
[EMAIL PROTECTED]

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Previtera, Sal
Sent: Friday, August 01, 2008 10:20 AM
To: [email protected]
Subject: Re: [FW-1] Trying to recreate vpn certificate

Are the Gateway and Firewall management server running on the same box? Because from your description it is hard to figure that out.

Is the firewall gateway a single or a cluster environment?

What platform is your firewall management server? If not on the same box with gateway...

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Bob Grabbe
Sent: Tuesday, July 29, 2008 8:54 AM
To: [email protected]
Subject: [FW-1] Trying to recreate vpn certificate

I apologize for the long post, but this is my second day trying to resolve this, no one seems to have any answers that work, I'm restating the problem in hopes of further suggestions.

Environment is a Checkpoint R54 NG AI installation running on Red Hat. Ver on the firewall shows Check Point SecurePlatform NG with Application Intelligence build 142.

Up until yesterday everything was working, then the vpn certificate expired. My understanding is that it should have automatically renewed itself, but this didn't happen.

Currently I'm running the dashboard on a Windows XP platform, and I can only connect to the firewall if I set the date on my pc to be before the expiry date. The firewall is showing the current date, but I have to set my local pc to July 29 or earlier or I get the error that the cert has expired, date is wrong, etc. Seems strange to me that it would be on my local pc that I have to change the date, but that's what is working.

What I've tried so far:

1. In the firewall properties, disabled the vpn-1, took the firewall out of any vpn communities, got everything to the point where I should be able to delete the cert and recreate it. I get an error "Unable to contact Certificate Authority on the management station" (I actually get this also when trying to edit the firewall's properties, but then the edit window opens). If I look at the internal_ca, I have no problem opening it to view its properties, though. Its expiry is set to 2023.

2. Ssh to the server, run cpstop, try to run cpca_client to revoke, then recreate the cert. This is in line with SK20905, but trying to revoke I get an error: "Error, rc=-1 err=-96 Connection error". This seems like it is indicating an error talking to the ca, but I'm not sure of this. Haven't tried deleting and recreating the ca, as I thought this could be a bit scary. Cpconfig does show that the ca is running, though. No combination of ways to run the revoke_cert works, I consistently get the same error.

At this point I'm assuming or thinking that there's a problem with the ca, any suggestions to debug this would be appreciated.

Bob Grabbe
Michigan Proteome Consortium
[EMAIL PROTECTED]

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
