Hello,
We are currently facing a strange problem since we upgraded one of the
installations to NG FP1.
The configuration is as follows :
a. Internal management server, using a 10.0.7.* address, NAT'ted to an
official address
b. Firewall module, still at 4.1-SP5, sits in front of this management server
c. Several External Firewall modules, getting their policy from a. and logging
to a.
The problem is the following, when the $FWDIR/masters file contains the Internal
management
server name, none of the Firewall modules can fetch their security policy,
either at boot
time or using the fw fetch <management name> command, and the logging fails
too.
If we replace the name by the External name in the $FWDIR/masters file, the
logging works
but not the fetch.
The only way we made the fetch work is by deleting the object for the External
name of the
management server and creating a group including his IP address, but at that
moment the
logging stops working.
I think we are missing something ... but can't find what, even looking in the CP
doc doesn't help.
Is anyone running a distributed NG FP1 environment and wanting to share some of
his config
files, off-line of course, with me, so I can dig in them to find the
differences ?
I am pretty sure this has something to do with that bl**** SIC stuff but can't
see what.
Met vriendelijke groeten - Bien � vous - Kind regards
Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSA & CCSE
Compaq Software Engineer - Belgium
E-mail : [EMAIL PROTECTED]
Tel: +32(02)729.77.44 (options 3 - 3 - 1)
Fax: +32(02)729.77.65
==========================================================
This message may contain confidential and/or proprietary information,
and is intended only for the person/entity to whom it was originally
addressed. The content of this message may contain private views and
opinions which do not constitute a formal disclosure or commitment
unless specifically stated. Should you receive this message by mistake
please inform the sender immediately.
==========================================================
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
