Authentication for command load failed  (4.1)


If the putkey command is not working, you can flush all putkey-related files as follows:

1. Run 'fwstop' on the management module and the firewall modules

2. Back up the following files by copying them to <filename>.old:

$FWDIR/database/authkeys.C
$FWDIR/database/opsec_authkeys.C
$FWDIR/conf/fwauth.keys
$FWDIR/conf/serverkeys.*

Note: You must delete the original files. If you do not, the new putkeys will not overwrite the old keys and the procedure will not work.

3. Confirm that $FWDIR/lib/control.map is using the same authentication method as the management module (either fwa1 or skey).

4. Make sure the modules are able to resolve each other's IP addresses, and that the addresses returned are the ones you use in steps 5 and 6.

5. On the management module, run the following command:
fw putkey -p <password> -n <management module IP> <firewall module IP>

6. On the remote firewall modules, run the following command:
fw putkey -p <password> -n <firewall module IP> <management module IP>

7. On the management module:
fwstart  

8. Wait for the management module to be up, and then on the firewall module(s):
fwstart

The putkey process is very detailed and a single error can make it fail. If the putkey process still does not work, repeat steps 1 to 8.
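
Step 2 as a shell function, an added example that is not part of the original note: it copies each key file to <filename>.old, confirms the copy matches, and only then deletes the original, so a failed backup never leaves you without the old keys. It assumes a Unix shell on the module and must be run only after fwstop (step 1); the function name flush_putkey_files is made up for this example.

```sh
#!/bin/sh
# Added example (not from the original note): step 2 as one function.
# Usage on a module, after fwstop:  flush_putkey_files "$FWDIR"
# The directory is an argument so the function can be tried on a scratch copy.

flush_putkey_files() (
    fwdir=$1
    [ -d "$fwdir" ] || { echo "not a directory: $fwdir" >&2; exit 2; }
    umask 077                        # backups hold key material: create owner-only
    rc=0
    for f in "$fwdir/database/authkeys.C" \
             "$fwdir/database/opsec_authkeys.C" \
             "$fwdir/conf/fwauth.keys" \
             "$fwdir"/conf/serverkeys.*
    do
        case $f in *.old) continue ;; esac   # an earlier backup: leave it alone
        [ -f "$f" ] || continue              # file absent or glob matched nothing
        # Delete the original only once the copy is verified byte for byte.
        if cp -p "$f" "$f.old" && cmp -s "$f" "$f.old"; then
            chmod 600 "$f.old"               # cp -p restored the original mode
            rm -f "$f" || rc=1
        else
            echo "backup failed, original kept: $f" >&2
            rc=1
        fi
        # The note in step 2: a leftover original makes the new putkey fail.
        if [ -e "$f" ]; then
            echo "still present: $f" >&2
            rc=1
        fi
    done
    exit "$rc"
)
```

A non-zero return means at least one original is still in place; resolve that before continuing with step 3.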

22/MAY/02 Jim Parker
