[FW-1] Can not install Policy from Management Console to FW-1 module

Fri, 20 Sep 2002 12:42:33 -0700

Title: NG FP2 Security Server Hotfix
Hi, all
 
 
I am setting up a testing lab using eval license from CheckPoint. FW-1 module v4.0 runs on Solaris 2.6 (4 network cards) and management module runs on Windows NT server. I want to test it then I can upgrade our production CheckPoint to v4.1 from v4.0.
 
After installation, I can't install policy from console to Sun box. I have followed the suggestion from CheckPoint support to delete $FWDIR/conf/fwauth.keys and serverkeys.*, $FWDIR/database/authkeys.C and opsec_authkeys.C and modified $FWDIR/lib/control.map to both fwa1 and skey authentication method. I re-run "fw putkey" on both console and FW-1 module.
 
I started console first and then FW-1 module. When I started FW-1 module on Solaris (fwstart), I got messages:
 

# fwstart

FireWall-1: starting fwd

FireWall-1: Fetching Security policy from fwtestnt  (Note: the IP address is the NT management server) localhost

Trying to fetch security policy from fwtestnt :

FW: Received new control security key from fwtestnt Installing Security policy chk-071102 on all.all@fwtest1

Has only loopback(lo) interface, aborting...

Failed to Load Security policy: No such file or directory

Fetching Security policy from fwtestnt failed

Trying to fetch Security policy from localhost:

Failed to Load Security policy: No State Saved

Fetching Security Policy from localhost failed

can not fetch Security policy from fwtestnt localhost

FireWall-1 started

#

When I tried to push policy from NT management server to Sun firewall-1 box through policy editor GUI, I got a message on the "Install Policy" popup dialog window:

Installing Security Policy c:\winnt\fw\conf\chk-071102.pf on all.all@fwtest1

Failed to install Security Policy on fwtest1: The system can not find the file specified

While on the Sun box UNIX console, I saw a message:

Installing Security Policy chk-071102 on all.all@fwtest1

Can you tell where the problem? Thanks.

Ruiyuan Jiang

Liz Claiborne, Inc.

(201) 295-7171

Reply via email to