Checkpoint Gaia FW Lost Connection to Management after a reboot - NETSEC

Wednesday, September 26, 2012


After rebooting one of the cluster members, I found it had lost the connection to the Management Server for some reason. SIC, SSH, and the GUI were all no longer working. Through the console, I could log into the firewall and found this:

[Expert@CP-FW-2]# cpconfig
cpinst Error: Host name resolution for CP-FW-2 failed.
                   Local host name resolution is required for normal Check Point Security Gateway operation
                   Please correct this error and run cpstart again:
                   Add an entry for CP-FW-2 in /etc/hosts


Since it mentioned the /etc/hosts file, based on previous experience, I opened the hosts file to check.

[Expert@CP-FW-2]# cat /etc/hosts
#  This file was AUTOMATICALLY GENERATED
#  Generated by /bin/hosts_xlate on Wed Sep 26 09:27:03 2012
#
#  DO NOT EDIT
#
192.168.1.1 CP-FW-2.gddd.com
127.0.0.1 localhost
::1 localhost

I added a new line to the hosts file:
192.168.1.1 CP-FW-2

Then I ran cpstop and cpstart. Everything came back: the policy loaded and the firewall reconnected to the management server. But this change doesn't survive a reboot. Since we are using Gaia version R75.40, Gaia doesn't support manual configuration of the hosts file. What we can do is use the following method to change the hosts file:

From clish:
set host name <hostname> ipv4-address <interface IP>
save config

Tested with a reboot; the change is kept in the hosts file this time. Issue resolved.
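
A check that can be run before a reboot, added here as an example and not part of the original post: it parses a hosts file and reports whether a name has its own entry, which the FQDN-only file shown above does not provide for CP-FW-2. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a host name has
# its own entry in a hosts file, as opposed to only an FQDN entry.

# hosts_lookup FILE NAME: print the address of the first entry whose
# name or alias equals NAME exactly (case-insensitive); return 1 if none.
hosts_lookup() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); found = 0 }
        {
            sub(/#.*/, "")       # strip comments
            if (NF < 2) next      # need an address and at least one name
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print $1; found = 1; exit }
        }
        END { exit !found }
    ' "$1"
}

# write_sample FILE [EXTRA_LINE]: constructed hosts file modelled on the
# one shown in the post, optionally with one more line appended.
write_sample() {
    {
        echo "#  DO NOT EDIT"
        echo "192.168.1.1 CP-FW-2.gddd.com"
        echo "127.0.0.1 localhost"
        echo "::1 localhost"
        [ -n "$2" ] && echo "$2"
    } > "$1"
    return 0
}

# report FILE NAME: one-line verdict, non-zero status when NAME is missing.
report() {
    if addr=$(hosts_lookup "$1" "$2"); then
        echo "OK      $2 -> $addr"
    else
        echo "MISSING $2 has no entry in $1"
        return 1
    fi
}

tmp=$(mktemp -d)
write_sample "$tmp/before"
write_sample "$tmp/after" "192.168.1.1 CP-FW-2"
report "$tmp/before" CP-FW-2 || true   # MISSING: only the FQDN is listed
report "$tmp/after"  CP-FW-2 || true   # OK: the short name has its own line
```

On a real system, point `report` at /etc/hosts with the gateway's own host name and treat a non-zero status as a reason not to reboot yet.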

