1. Home
  2. Networking Firewalls
  3. Unable to access Checkpoint's policy editor with Nokia IP

Unable to access Checkpoint's policy editor with Nokia IP

Ok, I have a Nokia IP machine and I activated the policy server and the firewall. But as soon as I activate them, I am no longer able to configure the Nokia IP machine from my webbrowser, I have to logon to it. And since my policy editor client is on my Windows machine, I can't connect to the Nokia IP and configure the policies.

What do I do in this case? I tried modifying the hosts file but that didn't help. Is there any other place where I can tell the Checkpoint machine that I want a certain PC on the network to be able to access it? If so, how? All I really need is to get to the policy editor.

Thanks

Reply to
wildbeast
Loading thread data ...

I am assuming you are talking about the Secureclient policy server and not the firewall policy that is uploaded to an enforcment module from the SmartCenter

Did you include a rule in your firewall policy that allows the Windows machine to communicate with the Nokia over the specified ports

What does the Checkpoint logs show when you try to access the Nokia?

Reply to
rick

Hi,

No I did not include a rule in the firewall policy. How do I modify the firewall policy? I'm fairly new to this.

Thanks for your help.

snipped-for-privacy@bcm.tmc.edu wrote:

Reply to
wildbeast

Now I'm always getting "Authentication failed" whenever I try to access the machine with the policy editor.

Reply to
wildbeast

On the Nokia, run

cpconfig

Then you can specify the GUI Client IP addresses that will be allowed to connect.

Ray

Reply to
Jay

Reply to
wildbeast

use "fw unloadlocal" command from console mode. This command will dispatch the policy you installed on Nokia box and you can access to the web page or firewall to do whatever you want

snipped-for-privacy@gmail.com wrote:

Reply to
Dophi

Make sure you unplug the Internet line from the Nokia before you run "fw unloadlocal". That command removes the security policy entirely as well as disabling IP routing between the interfaces. While it does allow management connections, it renders the Nokia box itself unprotected from Internet attacks.

Ray

Reply to
Jay

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.