It is not possible to install any policies. When check the sic status from
smartdashboard, it gives the error:
"SIC status fo XXXXX: not communicating
Authentication Error [error 147]
Check that peer SIC is configured properly
and that system date and time on the Smartcenter and peer are synchronized"
The most strange is that in smartview monitor, I see the status of these
firewall as OK. I can even get data from the in smartupdate.
But doing a on these FWs is not possible.
I could't note any action that may be causing this, it seems to be random. The
time it takes to loose SIC is also random.
It only happens to r54 in SPLAT. R54 in nokia an r55 in any case is fine.
It lloks like a bug.
CPD shows the messages bellow after sic estab.
12 Mar 23:35:39] Schedule_SIC_Renewal: SIC certificate should be renewed in
70700185 seconds from now.
Will be checked again in 1209600 seconds from now.
[12 Mar 23:35:39] Cpd started
[14 Mar 0:55:08] cprti_dump_init: cannot open nl socket
[14 Mar 0:55:08] cprti_dump: cant init
[14 Mar 0:55:08] CP Status extractor: GetOidReply: Error - OID
'1.3.6.1.4.1.2620.1.6.6.1.2.1' reported as next-oid, but has no value
[14 Mar 8:18:04] rand_collect_entropy: Failed to collect entropy from all
sources.
[14 Mar 9:36:46] rand_collect_entropy: Failed to collect entropy from all
sources.
[14 Mar 14:25:11] rand_collect_entropy: Failed to collect entropy from all
sources.
[14 Mar 16:20:38] rand_collect_entropy: Failed to collect entropy from all
sources.
[14 Mar 23:32:59] rand_collect_entropy: Failed to collect entropy from all
sources.
[15 Mar 9:02:12] rand_collect_entropy: Failed to collect entropy from all
sources.
[16 Mar 17:18:04] rand_collect_entropy: Failed to collect entropy from all
sources.
[16 Mar 20:15:37] rand_collect_entropy: Failed to collect entropy from all
sources.
[17 Mar 10:02:24] rand_collect_entropy: Failed to collect entropy from all
sources.
[17 Mar 18:49:33] DoCancelOperation: unsupported oid is cancelled.
oid='1.3.6.1.4.1.2620.1.1.25.8'
[18 Mar 13:50:34] rand_collect_entropy: Failed to collect entropy from all
sources.
[19 Mar 0:16:24] rand_collect_entropy: Failed to collect entropy from all
sources.
[19 Mar 1:30:56] rand_collect_entropy: Failed to collect entropy from all
sources.
[19 Mar 5:01:10] rand_collect_entropy: Failed to collect entropy from all
sources.
[19 Mar 6:05:48] rand_collect_entropy: Failed to collect entropy from all
sources.
[19 Mar 16:22:29] rand_collect_entropy: Failed to collect entropy from all
sources.
[19 Mar 19:57:55] rand_collect_entropy: Failed to collect entropy from all
sources.
[19 Mar 21:20:01] rand_collect_entropy: Failed to collect entropy from all
sources.
[19 Mar 23:15:43] rand_collect_entropy: Failed to collect entropy from all
sources.
[20 Mar 8:56:48] rand_collect_entropy: Failed to collect entropy from all
sources.
[20 Mar 11:09:59] rand_collect_entropy: Failed to collect entropy from all
sources.
[20 Mar 14:19:34] rand_collect_entropy: Failed to collect entropy from all
sources.
[20 Mar 15:31:33] rand_collect_entropy: Failed to collect entropy from all
sources.
[21 Mar 9:17:23] rand_collect_entropy: Failed to collect entropy from all
sources.
[21 Mar 15:02:20] rand_collect_entropy: Failed to collect entropy from all
sources.
[21 Mar 22:25:02] rand_collect_entropy: Failed to collect entropy from all
sources.
[21 Mar 23:58:57] rand_collect_entropy: Failed to collect entropy from all
sources.
[22 Mar 8:25:18] rand_collect_entropy: Failed to collect entropy from all
sources.
[22 Mar 9:52:30] rand_collect_entropy: Failed to collect entropy from all
sources.
[22 Mar 18:04:06] rand_collect_entropy: Failed to collect entropy from all
sources.
[23 Mar 8:44:17] rand_collect_entropy: Failed to collect entropy from all
sources.
[23 Mar 17:14:36] DoCancelOperation: unsupported oid is cancelled.
oid='1.3.6.1.4.1.2620.1.1.25.8'
Thanks,
Octavio
-----Mensagem original-----
De: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLIST AT
AMADEUS.US.CHECKPOINT DOT COM] Em nome de Adam BE
Enviada em: sexta-feira, 24 de março de 2006 10:24
Para: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Assunto: Re: [FW-1] Provider-1 NGX Upgrade issue
Hi Octavio,
Please provide more specific details...
How do you know you've lost SIC, what is the symptom: does intall policy or
some other operation fail? Once you've reset SIC... how long does it take until
you lose it again? Can you reconstruct the specific operations you made which
keep causing SIC to be lost or is it lost without relation to any operation
which you made (i.e occurs once every 2 hours...)?
Once you've lost SIC try troubleshooting to see what might be causing the
problem.. see http://fixmyfirewall.com/fw1/fw-1.0117.html and then check the
log in $CPDIR/log/cpd.elg
Best regards,
Adam.
Octavio do Vale Rocha <octavio AT NCT.COM DOT BR> wrote: Hi all,
After upgrading Provider-1 to NGX (only the management part), we are
having problems with r54 gateways. They loose SIC to the their CMAs, and
even if we close SIC again it looses after some time. The error showed
is error 147.
The most strange is that in smartview monitor, we can see these gateways
status as OK, their current connections, cpu, etc. We can also get their
data from smartupdate, but receive an error when getting license.
Has anyone experienced this? It is happening only with R54 (build 317)
gateways.
Thanks,
Octavio
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
---------------------------------
New Yahoo! Messenger with Voice. Call regular phones from your PC for low, low
rates.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
