CPUG

The Check Point User Group

#1  gibster (Junior Member), 2008-03-09
Can't connect to remote module

Hi Folks,
I'm fairly new to this, so please bear with me.
Our organisation has 2 sites, both using Check Point firewalls (NGX R61). At the remote site the IP address range has changed, so using the console I changed the default gateway and now users here can browse the internet.

At the site where the management firewall is situated I changed the IP address of the remote site in the SmartDashboard; however, I cannot install the policy. In fact, I cannot even ping the remote firewall from the site where the management station is. I can ping the remote firewall from outside the company network.

So what have I done wrong, and how can I get the firewalls talking to each other again?
Please help.
Charlie.

PS Mods, feel free to move this to a more appropriate section if this is in the wrong place.

#2  RayPesek (Senior Member, Northern Ohio), 2008-03-09
Re: Can't connect to remote module

Quote:
    At the remote site the IP address range has changed, so using the console I changed the default gateway and now users here can browse the internet.

Which IP address range changed? External or internal?

Can you still SSH to the firewall or otherwise gain console level access? If so, run the command

fw unloadlocal

and it will remove the security policy. It will allow management connections if you have the implied rules for management enabled. This will allow you to connect with the SmartCenter again so you can install a policy. Be aware that the firewall can no longer protect itself; however, IP forwarding is disabled, so there isn't any risk to your internal network. Still, you want to push a policy as fast as you can, particularly if you are not on a current operating system and patch level for the firewall.

HTH,

Ray.

#3  gibster (Junior Member), 2008-03-09
Re: Can't connect to remote module

Thanks for your help on this, Ray.
Firstly, to answer your questions, it's the external IP address that has changed, and yes, I can gain console access to the firewall.

I'm still confused as to why I cannot connect to the remote firewall from the management station, or why I cannot even ping the remote firewall from inside the network where the management station is located, when I can ping the firewall from outside of the network. I guess it's some sort of routing issue.

I'm not certain I want to unload the security policy until I'm certain I can reload it from the management station.
Thanks,
Charlie.