Nokia IP330 + FW1 issue

Hi All,

Bit of a problem I need help with here...

I've inherited a live Nokia IP330 running FW1. My initial problem was that I had no passwords to the device (console) or Voyager or SmartDashboard. I have now done a password reset and have console access. That's one problem solved. Next problem is that I cannot ping my internal management PC (where I'm wanting to run SmartDashboard GUI client) from the firewall itself. I presume there are rules in place on the firewall which are restricting my access. I have added my IP address using cpconfig to the list of mgmt GUI clients, so that part is completed. Now I have a catch-22 situation. I need to change the firewall's rule set to allow my PC access to the FW (for mgmt via SmartDashboard), but I cannot access the firewall due to the existing rules. I also cannot unload the rulebase as it is a live firewall. I have the same issue (obviously) with getting Voyager access - i.e. because of the firewall rules. I have done a 'voyager -e 0 80' to reset Voyager with normal http (non-ssl) access, but I'm unable to connect to this either.

Any suggestions about how I can get SmartDashboard and Voyager working from my PC??

Cheers, TB

PS. Just another thought - could this be to do with the fact that there isn't a static route to the internal subnet that my GUI client PC is on? (PPS. I haven't actually checked this!) I guess I could add one with the lynx interface to Voyager using the CLI... but using lynx through HyperTerminal is messy to say the least!!!

Reply to
trevbeck1

If you have time to stop the firewall you can run the fwm unload localhost. This command disables all rules of the firewall, so you can access the firewall through SmartDashboard. Remember that when you run this command all of the rules that were configured on the firewall will be disabled, and you need to run this command on the management server. Then, when you connect to the firewall, you can configure one rule for your access to the firewall, and after that you need to apply the policies, thus activating all of the rules that exist on the firewall. If you cannot access the firewall after that, your problem isn't with the rules.

snipped-for-privacy@hotmail.com wrote:

Reply to
Daniel

snipped-for-privacy@hotmail.com wrote: . I have added my IP

That's ok

No need to create a rule for traffic between your SmartConsole (on your desktop) and the management server (which is also installed on the Nokia in your case, I assume). This traffic is handled by the implied rules, which are on by default.

I assume that your host is behind the internal fw's interface. Check connectivity between your host and the firewall using tcpdump. On the Nokia:

# ifconfig -a
(and look for the name of your internal interface)
# tcpdump -ni name_of_your_internal_interface host ip_address_of_your_internal_host

Launch ICMP traffic to the internal interface address of your firewall. If the routing is OK then you should see incoming echo requests in your tcpdump session.

Br. Robby

Reply to
Robby Cauwerts

Hi All,

Sorted the issue now... I did a 'fw unloadlocal' on the firewall, then I was able to use the GUI to connect... however my internal IP was actually configured in the rulebase. However, when I started Checkpoint up again (cpstart), one of the messages output to the console window was 'GUI lock removed' or something similar. I guess this was the reason I couldn't access via GUI!!

Thanks for all the comments and suggestions

> snipped-for-privacy@hotmail.com wrote:

Reply to
trevbeck1
