-----Original Message-----You said that you verified the /etc/fw.boot/ifdev file, but does it really contain everything that was in it before the service pack install? Any additions that were done after installing the firewall software, such as new interfaces for StoneBeat FullCluster or other products, tend to get wiped out when patches are installed. A default FireWall-1 file is put in place.
From: Ron Atkinson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 2:45 PM
To: Johan Henell (TIM)
Subject: Re: [FW1] "bad file number" after installing sp4I'm the one that actual sent the /etc/fw.boot/ifdev file info to the phoneboy site, but for some reason he didn't seem to include the reason to check for this file and what to actually look for.
good luck to ya
Ron
"Johan Henell (TIM)" wrote:
After applying SP4 (I redid it after failing because of too large directory name - if that have anything to do with it) fw1 (v4.1 on solaris sparc 2.7) fails to install the security policy. The message is:
....
...
Compiled OK....
Downloading on localhost succeded.Installing security policy on xxx
Has only loopback (lo) interface, aborting.
Failed to load security policy. Bad file number.
Installing security policy on localhost failed.* I tried uninstalling the service pack, but no change.
* When doing "fw ctl iflist" it only lists the loopback interface.
* The license seems to be ok.
* I tried the things in one FAQ I found on www.phoneboy.com: "fw ctl uninstall/install", dumb terminal file, verifiying /etc/init.d/firewall1 exists and verified /etc/fw.boot/ifdev. Well.. everything except "cpconfig -install".What to do except reinstalling (if I lose the policy it doesn't matter, I can always redo it)
Any help would be appreciated.BR /J
I've solved (ok.. worked around...) this
and as the support for checkpoint is that crap I'd like to share the info with
interested people.
No,
the etc/fwboot/ifdev file was 100% ok.
I used
one of these hardening scripts, in my case yassp, before installing fw-1. After
this I there's no trouble with the original installation of fw-1, but SP4
fails. It gives no error message or any kind of helpful information. FW-1 simply
do not start. I did not take sufficient time to investigate exactly how but it's
at least in the pre- and/or postpatch script.
For
example I found out that the correct startup file were not copied to /etc/rc2.d
and the installation did not process all of the postpatch script - it left some
temporary files in /etc/init.d.
Solution: Don't use any hardening scripts on fw-1
boxes, do it by hand.
Alternative solution: Install another firewall-product.
One that comes with install and support documentation/help for service
packs.
BR
/J
- [FW1] "bad file number" after installing sp4 Johan Henell (TIM)
- RE: [FW1] "bad file number" after instal... Johan Henell (TIM)
- RE: [FW1] "bad file number" after instal... Juppunov, George
