[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Unable to connect to FW-1 (Nokia 330) via the Manageme nt Console (W2K)
Are you calling your management console the host that happens to have the GUI installed or do you actually have an EMC license installed on it? If the Windows box is truly an EMC then it looks like the Nokia isn't configured for a distributed environment. Check $FWDIR/conf/product.conf and make sure _at least_ these options are listed: StandAlone=0 Management=0 Other options may exist but they will need to be determined from your licenses, etc. Then check $FWDIR/conf/masters and make sure the IP address of your Win2k EMC is listed. Make sure your putkeys are correct. Might as well redo them to make sure. Start the Nokia FW using fwstart once this everything looks right. You'll probably see the same errors. After it starts and says "FireWall-1 started" make sure fwd is running with "ps aux | grep fwd". If it is, try "fw unload localhost" on the Nokia and then try pushing policy from the GUI connected to the EMC. Chris -----Original Message----- From: Bob Polk To: [email protected] Sent: 1/12/02 7:46 PM Subject: [FW-1] Unable to connect to FW-1 (Nokia 330) via the Management Console (W2K) Hello, I have a Nokia 330 with FW-1 4.1 SP-1 installed. When I attempt to connect to the Nokia box from the Management Console (Win2K Box), it completes the 3 way handshake, the NT box pushes a packet and then the Nokia box sends a Fin packet and tears down the connection. After this, Port 258 is no longer listening on the Nokia box. If I do a FWM, the port listens again, but as soon as I attempt to connect via the Management console the same thing happens. I verified that the IP that I'm using for the W2K box is in the GUI Clients on the Nokia box. Additional information: When I boot the Nokia box, I receive the following: LOG_ERR] root: fwstart failed, check /var/log/fw.log cat fw.log Sat Jan 5 13:15:37 GMT 2002 FW-1: Default filter installed successfully DEV 0 33 f2dba000 023e f2e1731c 1 fw1_mod FireWall-1: Module already installed FireWall-1: starting VPN-1 Accelerator Card FW-1: The LunaVPN driver is not responding VPN-1 Accelerator Card is not enabled FireWall-1: failed to start VPN-1 Accelerator Card FireWall-1: Starting fwd FireWall-1: Starting fwm (Remote Management Server) FireWall-1: Fetching Security Policy from localhost Trying to fetch Security Policy from localhost: Failed to Load Security Policy: No State Saved Fetching Security Policy from localhost failed FireWall-1: Starting cpmad (Malicious Activity Detection) FireWall-1 started Additional Information: uname -a IPSO wrtnok1 3.2.1-fcs1 releng 849 11.24.1999-102644 i386 wrtnok1[admin]# fw ver -k This is Check Point VPN-1(TM) & FireWall-1(R) Version 4.1 SP-1 Build 41492 IPSO] kernel: Version 4.1 SP-1 Build 41492 IPSO-build-11 SDK-849 [VPN + DES + STRONG] wrtnok1[admin]# fw stat HOST POLICY DATE localhost defaultfilter 1Mar2000 23:38:19 : [>eth-s5p1c0] wrtnok1[admin]# netstat -an Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp 0 0 *.258 *.* LISTEN tcp 0 0 *.18185 *.* LISTEN tcp 0 0 *.26338 *.* LISTEN udp 0 0 *.161 *.* udp 0 0 *.514 *.* Any help would be greatly appreciated. Thanks, Bob [email protected] _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|