Hello,
I am having problems pushing a security policy to a remote fw module.
I have two firewalls running CP2000: Firewall_A (Solaris 7) is running
a management and firewall module and Firewall_B (NT4) is just running
a firewall module. Both firewalls have valid external IP addresses but
can also see each other through their internal interfaces via a private
routed WAN.
Firewall_B's external interface is not currently connected to the Internet
(it will be soon) but I want all control connections between the firewalls
to go over the private WAN anyway.
Both firewalls are licensed on their external IPs and the firewall objects
are defined using these addresses in the security policy.
Using fw putkey -n, I can get the firewalls to talk to each other on their
internal addresses and then pull a policy to Firewall_B using fw fetch.
However, I can't get Firewall_A to push a policy to Firewall_B. The
error message returned is:
Failed to download security policy on Firewall_B:connection refused.
If I change Firewall_B's object in the security policy so its IP address is
its internal interface, I can push the policy to Firewall_B. However,
I don't want Firewall_B's object to be in the security policy on its internal
interface as I believe it prevents me from doing lots of good things!
I've tried everything that's relevant on Phoneboy's site but I still can't get
it to work unless Firewall_B's object has its internal address.
Can anyone suggest anything else?
Thanks.