The $FWDIR/conf/fwauthd.conf file is corrupted on the source Security Management Server, from which you have exported the configuration - several lines are missing the executable parameter (in particular, the entry for port 80).
Follow these instructions:
Distributed environment (Security Management Server and Security Gateway are installed on separate machines)
This problem (issue ID 01288873) was fixed on pure Security Management Server. The fix is included in:
Check Point recommends always upgrading to the most recent version (upgrade Security Gateway / upgrade Security Management Server / upgrade Multi-Domain Security Management Server).
Code was improved: The call to the "fw authd_set -b fwauthd.conf" command was removed from the 'migrate import' command because it is not relevant for pure Management Servers (in Distributed environment).
For lower versions, Check Point can supply a Hotfix. Contact Check Point Support to get a Hotfix for this issue.
A Support Engineer will make sure the Hotfix is compatible with your environment before providing the Hotfix.
Hotfix installation instructions:
Note: In Management HA environment, this procedure must be performed on both Management Servers.
- Hotfix has to be installed on Security Management Server.
- Transfer the hotfix package to the machine (into some directory, e.g.,
Unpack the hotfix package:
[Expert@HostName]# cd /some_path_to_fix/
[Expert@HostName]# tar -zxvf fw1_wrapper_HOTFIX_NAME.tgz
Install the hotfix:
Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.
- Reboot the machine.
- Perform '
StandAlone environment (Management Server and Security Gateway are installed on the same machine)
- Connect to command line on the source Security Management Server, from which you have exported the configuration.
- Log in to Expert mode.
Backup the current $FWDIR/conf/fwauthd.conf file:
[Expert@HostName]# cp $FWDIR/conf/fwauthd.conf $FWDIR/conf/fwauthd.conf_ORIGINAL
Edit the current $FWDIR/conf/fwauthd.conf file:
[Expert@HostName]# vi $FWDIR/conf/fwauthd.conf
Change the line with in.ahttpd process (entry for port 80) from:
80 in.ahttpd wait 0
to:
80 fwssd in.ahttpd wait 0
- Save the changes and exit from Vi editor.
- Perform 'migrate export' from this source Security Management Server.
- Perform 'migrate import' on the target Security Management Server.
Example of $FWDIR/conf/fwauthd.conf file from the default configuration:
21 fwssd in.aftpd wait 0
80 fwssd in.ahttpd wait -2
513 fwssd in.arlogind wait 0
25 fwssd in.asmtpd wait 0
2525 fwssd in.emaild.smtp wait 0
110 fwssd in.emaild.pop3 wait 0
23 fwssd in.atelnetd wait 0
259 fwssd in.aclientd wait 259
10081 fwssd in.lhttpd wait 0
900 fwssd in.ahclientd wait 900
0 fwssd in.pingd respawn 0
0 fwssd in.asessiond respawn 0
0 fwssd in.aufpd respawn 0
0 fwssd in.ufclnt respawn 0
0 fwssd in.ufsrvr respawn 0
0 vpn vpnd respawn 0
0 fwssd mdq respawn 0
0 stormd stormd respawn 0
0 igwd igwd respawn 0
0 sds sdsd respawn 0
0 dtps dtpsd respawn 0
0 dtls dtlsd respawn 0
0 fwssd in.emaild.mta respawn 0
0 fwssd in.msd respawn 0
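A check for the corruption described above can be run on the source server before 'migrate export'. This is an added example, not Check Point code; the function names are hypothetical, and it assumes every entry has the five whitespace-separated fields seen in the default configuration above (port, executable, process, wait/respawn, argument).

```shell
#!/bin/bash
# Added example (not Check Point code).
# Assumption: each fwauthd.conf entry has exactly five fields, as in the
# default configuration:  <port> <executable> <process> <wait|respawn> <arg>
# An entry that lost its executable parameter therefore has only four.

# Report entries that do not have exactly five fields.
# Reads the named file, or stdin when no file is given.
# Returns 0 when every entry is well-formed, 1 otherwise.
check_fwauthd_conf() {
    awk '
        NF == 0 { next }                 # ignore blank lines
        NF != 5 {
            printf "line %d: expected 5 fields, found %d: %s\n", NR, NF, $0
            bad++
        }
        END { exit (bad > 0) }
    ' "$@"
}

# Print the entry (or entries) registered for a given port.
# Usage: fwauthd_port_entry FILE PORT
fwauthd_port_entry() {
    awk -v port="$2" '$1 == port' "$1"
}

# Constructed sample reproducing the symptom: the port 80 entry has no
# executable field. This is not taken from a real system.
sample_corrupted() {
    cat <<'EOF'
21 fwssd in.aftpd wait 0
80 in.ahttpd wait 0
513 fwssd in.arlogind wait 0
EOF
}

# Demonstration on the constructed sample.
sample_corrupted | check_fwauthd_conf \
    || echo "fwauthd.conf has malformed entries; correct them before migrate export"
```

On a real server, run `check_fwauthd_conf "$FWDIR/conf/fwauthd.conf"` after taking the backup and again after editing the file.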
- 01288873 , 01290219 , 01288948 , 01296804 , 01296805 , 01410158
- This SK replaces sk97086