Firewall-1

Re: [FW-1] Bad Anti-Spoof Recovery

Subject: Re: [FW-1] Bad Anti-Spoof Recovery
From: Mark Elsen <mark.elsen AT GMAIL DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Mon, 24 Jul 2006 22:29:52 +0200
> I have an enforcement module that appears to have a "bad"
> policy installed. That is, it feels that traffic coming in
> from the management server is spoofed.

Check your interfaces configuration in your FW-object,
make sure that all a-spoofing params are set correctly
for each subnet.

> So how does one
> install a corrected policy on this system? Obviously, you
> cannot push a policy, but sometimes traffic originating from
> the firewall itself gets through the anti-spoofing, so I
> thought a,
>
>         # fw fetch <master>
>
> Might work, but no.

How does it fail then? Error?

> So then I tried,
>
>         # fw ctl uninstall
>
> To kill the anti-spoofing, but the fetches would still fail.
>
> What is a procedure to "reacquire" a module that has incorrectly
> decided the management server is spoofing?

Subnets (interfaces) should have the correct params set w.r.t. the
networks they connect to.

M.
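
Added example (not part of the original message, and not Check Point's implementation): a simplified model of per-interface anti-spoofing that shows why a management server ends up flagged as spoofed when its subnet is defined behind the wrong interface. Interface names, addresses and function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

EXTERNAL = "eth0"  # hypothetical external interface name

# Constructed topologies: networks defined behind each internal interface.
BAD_TOPOLOGY = {
    "eth1": ["10.1.0.0/16", "192.168.50.0/24"],  # mgmt LAN on wrong interface
    "eth2": [],
}
FIXED_TOPOLOGY = {
    "eth1": ["10.1.0.0/16"],
    "eth2": ["192.168.50.0/24"],  # mgmt LAN behind the interface it is wired to
}


def interfaces_for(src, topology):
    """Internal interfaces whose defined networks contain src."""
    addr = ip_address(src)
    return sorted(
        name for name, cidrs in topology.items()
        if any(addr in ip_network(c) for c in cidrs)
    )


def is_spoofed(src, arrival_iface, topology, external=EXTERNAL):
    """Simplified check: is src an unexpected source on arrival_iface?"""
    owners = interfaces_for(src, topology)
    if arrival_iface == external:
        return bool(owners)           # internal address seen on the outside
    return arrival_iface not in owners


def audit(mgmt_ip, mgmt_iface, topology, external=EXTERNAL):
    """Return (ok, reason) for the management server's address."""
    if not is_spoofed(mgmt_ip, mgmt_iface, topology, external):
        return True, f"{mgmt_ip} is a valid source on {mgmt_iface}"
    owners = interfaces_for(mgmt_ip, topology) or [external]
    return False, (f"{mgmt_ip} arrives on {mgmt_iface} but the topology "
                   f"places it behind {', '.join(owners)}")


if __name__ == "__main__":
    for label, topo in (("bad", BAD_TOPOLOGY), ("fixed", FIXED_TOPOLOGY)):
        print(label, audit("192.168.50.10", "eth2", topo))
```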
