[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Migration of CP NG FP2 management station
If you are not using some certificates other that SIC, I recommend you to reset ICA and reinitialize it. It can be done with "fw sic_reset" command. After execution you should run "cpconfig" and configure ICA again. These will probably solve corruption of your ICA and you will be able to establish SIC with other modules (and also install the policy). But please be aware, that all other certificates ( VPN, User,..), generated by old ICA will be lost and you will have to regenerate them. Good luck, Andrej Skamen System engineer Hermes Plus S&T Group Kersnikova 19 3000 Celje, Slovenija Tel: +386 3 4284000 Fax: +386 3 4284031 Web: www.hermes-plus.si -----Original Message----- From: Sidharth Bhadani [mailto:[email protected]] Sent: Thursday, August 29, 2002 4:57 AM To: [email protected] Subject: [FW-1] Migration of CP NG FP2 management station *This message was transferred with a trial version of CommuniGate(tm) Pro* Hi All, I am trying to migrate a management module which is presently running on nokia IP330 together with the enforcement to a separate Windows server. In regard to the migration of the management modules I have some doubts. I am 1st laying down the steps which I followed in this migration. 1. I backed up the following files from the $fwdir/conf directory of Nokia IP330. i)objects_5_0.C ii)fwauth.NDB iii)InternalCA.* iv)ICA*.* v)sic_cert.p12 I installed the primary management module on windows 2000 server (SP2). I initialize the certificate authority and FQDN. I replaced the above mentioned files in winnt\FW1\NG\conf\ directory. I started the management module but when I tried connecting using policy editor, the GUI client crashed when it was showing "loading rules" in the progress bar. 2. I replace the following files from $FWDIR/conf directory in addition to the files mentioned in step 1. i)cmprulebase.fws ii)fgrulebases_5_0.fws iii)lcrulebase_5_0.fws iv)slprulebases_5_0.fws After doing step 2 I can open the policies from policy editor. The problem is now I can't see my primary management station object. Also whenever I click on any checkpoint gateway objects (enforcement modules) I get the following error "Unable to contact Certificate Authority on the management Station .Please make sure the certificate Authority daemon is running." Also when I try editing the object I get this error "The generation of internal CA certificate failed. This node will not be able to perform certain VPN-1 operations that require this certificate". The SIC between the module and enforcement is also not initialized. I think I need to edit some files manually to include my primary management module objects to work with the imported files but I am not sure of the steps. If someone has done this before please advice on what should be done. Need your help badly, Thanks and regards Sidharth ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|