Unable to access Checkpoint"s policy editor with Nokia IP

Ok, I have a Nokia IP machine and I activated the policy server and the
firewall. But as soon as I activate them, I am no longer able to
configure the Nokia IP machine from my webbrowser, I have to logon to
it. And since my policy editor client is on my Windows machine, I can't
connect to the Nokia IP and configure the policies.

What do I do in this case? I tried modifying the hosts file but that
didn't help. Is there any other place where I can tell the Checkpoint
machine that I want a certain PC on the network to be able to access
it? If so, how? All I really need is to get to the policy editor.

Thanks

Re: Unable to access Checkpoint"s policy editor with Nokia IP

wildbeast@gmail.com wrote:
> Ok, I have a Nokia IP machine and I activated the policy server and the
> firewall. But as soon as I activate them, I am no longer able to
> configure the Nokia IP machine from my webbrowser, I have to logon to
> it. And since my policy editor client is on my Windows machine, I can't
> connect to the Nokia IP and configure the policies.
>
> What do I do in this case? I tried modifying the hosts file but that
> didn't help. Is there any other place where I can tell the Checkpoint
> machine that I want a certain PC on the network to be able to access
> it? If so, how? All I really need is to get to the policy editor.
>
> Thanks

I am assuming you are talking about the Secureclient policy server and
not the firewall policy that is uploaded to an enforcment module from
the SmartCenter

Did you include a rule in your firewall policy that allows the Windows
machine to communicate with the Nokia over the specified ports

What does the Checkpoint logs show when you try to access the
Nokia?

Re: Unable to access Checkpoint"s policy editor with Nokia IP

Hi,

No I did not include a rule in the firewall policy. How do I modify the
firewall policy? I'm fairly new to this.

Thanks for your help.

rick@bcm.tmc.edu wrote:
> Did you include a rule in your firewall policy that allows the Windows
> machine to communicate with the Nokia over the specified ports
>
> What does the Checkpoint logs show when you try to access the
> Nokia?

Re: Unable to access Checkpoint"s policy editor with Nokia IP

Now I'm always getting "Authentication failed" whenever I try to access
the machine with the policy editor.

Re: Unable to access Checkpoint"s policy editor with Nokia IP

On the Nokia, run

cpconfig

Then you can specify the GUI Client IP addresses that will be allowed to
connect.

Ray

wrote in message
news:1161361870.201854.60940@m7g2000cwm.googlegroups.com...
> Now I'm always getting "Authentication failed" whenever I try to access
> the machine with the policy editor.
>

Re: Unable to access Checkpoint"s policy editor with Nokia IP

Thanks but that didn't help either. Is their a way to reset the
cpconfig options?

Jay wrote:
> On the Nokia, run
>
> cpconfig
>
> Then you can specify the GUI Client IP addresses that will be allowed to
> connect.
>
> Ray
>
> wrote in message
> news:1161361870.201854.60940@m7g2000cwm.googlegroups.com...
> > Now I'm always getting "Authentication failed" whenever I try to access
> > the machine with the policy editor.
> >

Re: Unable to access Checkpoint"s policy editor with Nokia IP

use "fw unloadlocal" command from console mode.
This command will dispatch the policy you installed on Nokia box and
you can access to the web page or firewall to do whatever you want


wildbeast@gmail.com wrote:
> Thanks but that didn't help either. Is their a way to reset the
> cpconfig options?
>
> Jay wrote:
> > On the Nokia, run
> >
> > cpconfig
> >
> > Then you can specify the GUI Client IP addresses that will be allowed to
> > connect.
> >
> > Ray
> >
> > wrote in message
> > news:1161361870.201854.60940@m7g2000cwm.googlegroups.com...
> > > Now I'm always getting "Authentication failed" whenever I try to access
> > > the machine with the policy editor.
> > >

Re: Unable to access Checkpoint"s policy editor with Nokia IP

Make sure you unplug the Internet line from the Nokia before you run "fw
unloadlocal". That command removes the security policy entirely as well as
disabling IP routing between the interfaces. While it does allow management
connections, it renders the Nokia box itself unprotected from Internet
attacks.

Ray

"Dophi" wrote in message
news:1161839927.732242.169020@i42g2000cwa.googlegroups.com.. .
> use "fw unloadlocal" command from console mode.
> This command will dispatch the policy you installed on Nokia box and
> you can access to the web page or firewall to do whatever you want
>
>
> wildbeast@gmail.com wrote:
>> Thanks but that didn't help either. Is their a way to reset the
>> cpconfig options?
>>
>> Jay wrote:
>> > On the Nokia, run
>> >
>> > cpconfig
>> >
>> > Then you can specify the GUI Client IP addresses that will be allowed
>> > to
>> > connect.
>> >
>> > Ray
>> >
>> > wrote in message
>> > news:1161361870.201854.60940@m7g2000cwm.googlegroups.com...
>> > > Now I'm always getting "Authentication failed" whenever I try to
>> > > access
>> > > the machine with the policy editor.
>> > >
>