CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have 72 attendees signed up from 20 countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3, 9/7.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Miscellaneous
Reload this Page Resource temporarily unavailable
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2005-08-14
roadrunner roadrunner is offline
Senior Member
  
Join Date: 2005-08-12
Posts: 162
Rep Power: 4
roadrunner has an average reputation (10+)
Default Resource temporarily unavailable
Resource temporarily unavailable
I have seen this message when attempting to install a policy from a management station to a firewall module and the remote firewall was unreachable. Make sure the site is up. Also make sure the current rule base installed on 'gateway' is not blocking packets from the 'control' machine. See the following URL for information on how to get around that problem: Install an 'accept all' policy on the firewall module .

Mike Barkett makes the following suggestion: Make sure the following three IPs are the same:


fw module IP in $FWDIR/conf/clients
Licensed IP of the FW module
Main IP (General Tab) of the FireWall Module object in the rulebase editor
You'll need to make sure that the fw putkey was executed properly, and that the corresponding masters IP is off of the same interface and licensed as such. If all of this is in place, and you are not installing over a 32k connection, you should be fine.

The connection between the management console and the firewall module could also be timing out. In this case, the "Resource Temporarily Unavailable" message may be a red herring. Look at the output of an 'fw stat' on the remote firewall. You may be surprised to find the security policy did load. Whether it worked or not, follow the steps discussed in the following FAQ: Operation would block .

If you have multiple firewalls in an HA configuration, they are the "default route" to the Internet, and you define the firewalls with the external IP as you should, the primary firewall will succeed, the secondary will fail. To resolve this, explicit static routes are necessary. For example, if you have two firewalls and a management console as so (192.168.0.x are external for this example):


mgmt: 10.0.0.162
firewall-a: 10.0.0.1/192.168.0.1
firewall-b: 10.0.0.2/192.168.0.2
Two explicit routes should be added to your management console (the following is Solaris, modify syntax as appropriate for your platform). This will ensure packets destined for the firewall's external IP go to the specific firewall:


route add 192.168.0.1 10.0.0.1
route add 192.168.0.2 10.0.0.2
If there's an intermediary router between the management console and firewall, these static routes go on the interior router(s) closest to the firewalls instead of the management console.

-- GuyR - 09 Jan 2004


FAQForm
FAQs.Class: RemoteManagementFAQs, TroubleshootingFAQs
FAQs.OS:
FAQs.Version:
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 20:55.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0