Bailey,
Connection refused is an indication that a service is
either not running or a rule is rejecting it.
Also, check your routing and possibly what the IP
aliases resolve to.
Robert
--
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> Bailey Maurice <[EMAIL PROTECTED]> 7/22/00 2:18:40 PM >>>
>
>Hello,
>
>I am having problems pushing a security policy to a remote fw module.
>
>I have two firewalls running CP2000: Firewall_A (Solaris 7) is running
>a management and firewall module and Firewall_B (NT4) is just running
>a firewall module. Both firewalls have valid external IP addresses but
>can also see each other through their internal interfaces via a private
>routed WAN.
>
>Firewall_B's external interface is not currently connected to the Internet
>(it will be soon) but I want all control connections between the firewalls
>to go over the private WAN anyway.
>
>Both firewalls are licensed on their external IPs and the firewall objects
>are defined using these addresses in the security policy.
>
>Using fw putkey -n, I can get the firewalls to talk to each other on their
>internal addresses and then pull a policy to Firewall_B using fw fetch.
>However, I can't get Firewall_A to push a policy to Firewall_B. The
>error message returned is:
>
>Failed to download security policy on Firewall_B:connection refused.
>
>If I change Firewall_B's object in the security policy so its IP address is
>its internal interface, I can push the policy to the Firewall_B. However,
>I don't want Firewall_B's object to be in the security policy on its
>internal interface as I believe it prevents me from doing lots of good things!
>
>I've tried everything that's relevant on Phoneboy's site but I still can get
>it to work unless Firewall_B's object has its internal address.
>
>Can anyone suggest anything else?
>
>Thanks.