Firewall-1

[FW-1] Cluster upgrade and SecureClient

Subject: [FW-1] Cluster upgrade and SecureClient
From: Nick Whitworth <Nick.whitworth AT DETICA DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Sun, 29 Oct 2006 09:13:16 -0000
Hi,

Yesterday we upgraded our Clustered Nokia VRRP pair of IP 530s from IPSO 3.7.1 and NG R54 to IPSO 4.0 build 30 and NGX R60 HFA02.

Today I can no longer connect to the remote access VPN using SecureClient. When I try to create a site I get Error: Communication with site x.x.x.x failed. Looking in SmartView Tracker I can see an Accepted entry from my IP for FW1_topo (264) but nothing more.

Another user can connect to the VPN with his existing SecureClient policy but gets an error during the connection 'unable to communicate with policy server on cluster01'.

We upgraded all of the central licenses that were attached to the gateways to NGX and re-attached them. A policy server license is attached to one of the gateways and the cluster object properties show that the SecureClient Policy Server option is selected.

SmartView Tracker is showing that users are still able to connect to the VPN and is logging decrypted traffic against usernames.

Does anyone have any ideas?

Thanks

______________________________________________

Nick Whitworth - Systems Specialist

t +44 (0) 1483 816712 | m +44 (0) 07786 553477  | f +44 (0) 1483 816545
a Detica | Surrey Research Park | Guildford | GU2 7YP | UK
______________________________________________
www.detica.com
 


