'fw stat x.x.x.x' from smartcentre failing.

[stacy99]

I have a solaris manager (2 in HA), managing 10 nokia's...

From the manager when I run 'fw stat x.x.x.x' (IP of enforcement point) I usually get the name of the current policy and install date for that firewall.

eg.

HOST POLICY DATE
172.x.x.x polcy-071123-sb 30Nov2007 14:42:21 : [>eth-s3p2c0] [<eth-s3p2c0] [>eth-s1/s1p1c0] [<eth-s1/s1p1c0] [>eth-s3p3c0] [<eth-s3p3c0]

HOWEVER, from one particular firewall, which currently has a working SIC connection, verified by pushing policies to it from the manager, and testing SIC through SmartDashboard. When running the same command as above but for this firewalls IP I get the following:

HOST POLICY DATE
There is no SIC to 172.24.107.248

I am currently unable to reset SIC due to the downtime involved but need the fw stat command from the manager to reflect the true status of the firewall.

Due to the sensitive nature of these firewalls I'm unable to troubleshoot the problem (unable to reboot, cpstop/cpstart, or reset SIC) as the firewall is currently active at the moment but would be keen to hear if anyones seen this before and what the fix was.

cheers,

Stacy

[melipla]

I've found that using "fw stat <ip>" works only for the IP address listed under the General Properties. Using IPs from other interfaces of the same gateway reports "There is no SIC".

Otherwise a "cpinfo" executed locally on the firewall should tell you the information you require. You could check SmartView Monitor in the off chance that it has it as well.

[stacy99]

I have now found that 'cpstat -h <ip> fw' works succesfully but 'fw stat <ip>' says "There is no SIC to <IP>"

The IP I'm using is the one in the General Properties for the firewall.

Anymore ideas?

Stacy