Hi,

I would appreciate any help regarding the following problem I'm encountering.
Basically, I am trying to set up an Enterprise Management Console running
Firewall-1 4.1 on an NT 4 server to communicate with a Firewall-1 3.0
Inspection Module running on a Xylan switch.


After configuring the Inspection Module on the switch and setting the skey
password to use, I define the remote module on the Management Console and then
define the Firewall Object in the Policy Editor. The editor manages to
retrieve the Firewall-1 version and interface information using SNMP without
any problem. However, it is just unable to communicate with the inspection
module on the switch - hence it cannot determine the state of the inspection
module or install the policy. Strangely, when I try to install a policy the
Management reports an "unknown command" message - however, I've no idea what
command it is referring to.


To complete the picture, the switch is reporting the following errors:

FwError: Log authentication with XX.XX.XX.XXX failed
FwError: Connection broken while communicating with XX.XX.XX.XXX for bloadme
FwError: Connection broken while communicating with XX.XX.XX.XXX for bloadme

(where XX.XX.XX.XXX is obviously the IP of the switch).


On the other hand, the Management station is continuously reporting the
following:

Firewall-1: DecodeFwSet : buffer length checksum failed
Firewall-1: Authentication with Inspection.Module failed


I then tried to play around with the authentication mechanism being used by
the console - basically, I tried to force it to use skey, which seems to be
the one being used by the module. The first question that comes to mind is,
which control.map file must I modify? I tried modifying the one where the
backward compatibility version is installed but nothing changed. I then
tried to modify the control.map of the 4.1 installation (on the management)
- I commented the entries in the file and added the following:

CLIENT: */skey
*     : */skey

After re-starting the firewall software on the management, things changed
slightly - the console first reported that the remote module connected. However,
a few seconds later, it reported that the connection from the module was
ended and several error messages were generated concerning the contents
of the .ft file (mainly things like 'illegal table value') and the .fc file
(an illegal opcode message) for the remote module. Ah yes, to cheer me up the
fw.exe process on the Management crashed <G>.


At this point I'm pretty much lost. I guess I'm doing something terribly wrong
but can't figure out what. Help !!!!!!


Thanks,
Herbert




