I use Checkpoint VE R71 clusters on ESXi to host bespoke
cloud solutions for a number of customers.
This week I had an irritating problem where, after a reboot of the passive firewall, it was unable to fetch a policy from the management server. No amount of cpstop/cpstarts, manual fetches and reboots helped.
The error message was as follows.
fw fetch 10.10.10.10
Fetching Security Policy From: 10.10.10.10
Installing Security Policy vfw1 on all.all@vfw1
Failed to Load Security Policy: No such file or directory
Failed to Load Security Policy: No such file or directory
Fetching Security Policy Failed
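A small post-reboot health check for a cluster member, added here as an example (it is not part of the original post and not a Check Point tool): it classifies the output of "fw fetch" so a script can tell a clean fetch from the "No such file or directory" failure shown above, and points the operator at the sysconfig vSphere connection step when it sees it. It assumes a Check Point gateway with "fw" on the PATH and the management address 10.10.10.10 from the post; when "fw" is absent it falls back to a constructed sample transcript so it can be run offline. The success transcript is constructed too, since the post only shows the failing case.

```shell
#!/bin/sh
# Added example, not the original author's code or a Check Point utility.
# Assumptions: `fw fetch <mgmt-ip>` is available on a Check Point gateway;
# 10.10.10.10 is the management server address used in the post.

# Sample transcripts, constructed for this example (the failing one mirrors
# the post; the success text is assumed and may differ on a real gateway).
SAMPLE_FAIL='Fetching Security Policy From: 10.10.10.10
Installing Security Policy vfw1 on all.all@vfw1
Failed to Load Security Policy: No such file or directory
Failed to Load Security Policy: No such file or directory
Fetching Security Policy Failed'

SAMPLE_OK='Fetching Security Policy From: 10.10.10.10
Installing Security Policy vfw1 on all.all@vfw1
Done.'

# classify_fetch_output "<transcript>"
# Prints one of: policy-load-failed, fetch-failed, ok, unknown.
# Failure patterns are checked first because a failing transcript also
# contains the "Installing Security Policy" line.
classify_fetch_output() {
    out=$1
    if printf '%s\n' "$out" | grep -qF 'Failed to Load Security Policy: No such file or directory'; then
        echo policy-load-failed
    elif printf '%s\n' "$out" | grep -qF 'Fetching Security Policy Failed'; then
        echo fetch-failed
    elif printf '%s\n' "$out" | grep -qF 'Installing Security Policy'; then
        echo ok
    else
        echo unknown
    fi
}

# check_policy_fetch <mgmt-ip>
# Runs `fw fetch` when the binary exists, otherwise uses the constructed
# failing transcript. Prints the classification and, for the failure seen in
# the post, a hint on stderr about the sysconfig vSphere connection step.
check_policy_fetch() {
    mgmt=$1
    if command -v fw >/dev/null 2>&1; then
        out=$(fw fetch "$mgmt" 2>&1)
    else
        out=$SAMPLE_FAIL   # offline fallback: constructed sample
    fi
    status=$(classify_fetch_output "$out")
    if [ "$status" = policy-load-failed ]; then
        echo "fw fetch from $mgmt could not load the policy; re-run sysconfig," \
             "choose 'Configure vSphere connection settings', then fetch again" >&2
    fi
    echo "$status"
}

# Usage: ./fetch_check.sh  (assumed file name)
check_policy_fetch 10.10.10.10
```

Run it from cron or a post-boot hook on the passive member; a non-"ok" result is the cue to look at the vSphere connection before trying more cpstop/cpstart cycles.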
The firewall was able to ping its ESX host, the virtual centre server and the firewall management station.
The solution in the end was to run sysconfig and take the “Configure vSphere connection settings” option, then run through establishing the connection to the Virtual Centre server again. Once this was done, fetching a policy worked.
I am assuming somehow the firewall was unable to authenticate itself to the virtual centre server by losing the cached copy of the certificate?
No one I have spoken to is sure why, when operating in “network mode” not “hypervisor mode”, the firewall needs to talk to the virtual centre server at all. If I had to guess I would say it needs this for licensing.
Anyway, hope this helps someone.
Mat.