Has anyone come across this? I posted the same a few months ago, but had no replies. After a month of working with the supplier, with progressively more breaking, and unable to find an answer the resolution was to blow all away; reinstall OS & NG-FP2; and rebuild policy from scratch.
Catalogue of both, with events common to both incidents below. Being an operational unit there weren't many more changes bar policy-tweaks, though any other info is available. 1st time -Platform: Nokia IP330, IPSO 3.5-FCS6, FW/VPN-1 NG-FP2 Management & fw modules on same box. -Events: Number of licence changes. 1st EVAL -> 2nd EVAL + VFM-25 -> 3rd EVAL + VFM- 25. Reload, then... -Symptoms: All processes seem to come up, including fwm, last policy loads & traffic passes, but nothing binds to tcp/18190 (CPMI). Without that no management client can connect, and fw functions, but no changes can be made, logs monitored etc. [...arduous investigation process ... box wipe & rebuild...] 2nd time -Platform: Nokia IP330, IPSO 3.5-FCS7, FW/VPN-1 NG-FP2 Same as above but with fresh IPSO. -Events: All works happily for 2 months. Same (new) licence throughout, VIG-25. Recreate this on CP usercenter & apply to fix sk11228. 1 week later reload and... -Symptoms: Exactly same as before. fwm loads, but does not bind to tcp/18190. Notice that 'fw kill fwm' complains about a wrong pid, so check $FWDIR/tmp and all 'x.pid' files have the time of the last cpstart, except fwm.pid, with the date of the last cpstart prior to the new licence being applied. Deleting this & 'cpstop;cpstart' has no effect. Given that Checkpoint have created a product, the mangement of which they _ONLY_ support through CPMI (gone the days of text editors?) this is a pretty important port. Any help would be v.v.greatly appreciated. Thanks, Ian -- [EMAIL PROTECTED] ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
