Solved

Looking for experts in Nokia IP350 firewall (very urgent)

Posted on 2006-06-12
5
862 Views
Last Modified: 2013-11-16
Hi there, I have a nokia IP350 firewall, in which I change some setting from the web-based Voyager which are as follows:

1. change the IP interface for one the the port
2. add in a static route
3. change the "host address assignment" IP

After changing, I did a reboot of the firewall.

now I can't ping the firewall from my servers. I can't use voyager to change back the settings, Can anyone help urgently? Thanks alot.
0
Comment
Question by:simonlai
5 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16891872
Simon, thought you had sorted this one?
0
 
LVL 12

Expert Comment

by:srikrishnak
ID: 16892109
Can you telnet/ssh to any of the other interfaces. If so see in the routing table what went wrong.
0
 
LVL 5

Accepted Solution

by:
dbardbar earned 500 total points
ID: 16895325
Most likely the firewall is blocking traffic to the machine, as the security policy it has contains all the old IPs. It is especialy sensitive to changes in the IP defined as the main IP of the machine.

Another possibilty, is that the FW-1 license you have is for the old IP, which basicly means your IP is not valid now.

Login to the machine using the serial port, and run "fw printlic"/"cplic print" (depending on your version). If you see the license, and it is for the IP you do not have on the machine, then you will need to obtain a new license (for no extra charge) for the new IP, from Check Point's user center site. If you got the license from an integrator, than you should talk to him about obtaining the new license.



If that isn't the issue, than the problem is probably just FW-1 blocking traffic.
What you should do is unload the security policy, connect with the GUI, change ALL the relevant settings (interfaces, antispoofing, Firewall object main IP, encryption domains, etc.), and then install the policy. There is some chance that once you install the new policy, your GUI will disconnect (depending on your FW-1 version). Check with "fw stat" on the console if the date on the policy has been updated. This means that indeed the new policy works.

Now, before you unload the security policy, it is important to understand that until you reload the new policy, the machine is unprotected. It would be wise to take the machine offline, physicly disconnecting all the cables, and connect with the GUI with a cross cable from a isolated PC/laptop.
To unload the policy, run "fw unload localhost" or "fwm unload local" or "fw unloadlocal", depending on your version. Run "fw stat" to make sure it has been unloaded.


0
 
LVL 1

Author Comment

by:simonlai
ID: 16896759
Hi Keith, yes I have sort this out. Just that forgot to remove this post. anyway, dbardbar's comment is correct. I unload the policy and reload after going into voyager to change back the settings. Thanks everyone.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16896777
Phew.... Thanks Simon :)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
document a firewall 2 49
Microsoft Advanced Firewall Isolation 6 77
Do I need a hardware firewall? 12 76
Sonicwall Security Service questions 2 49
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now