Troubleshooting guide
Chapter 4 Troubleshooting Routers and Embedded Systems VPN-1/FireWall-1 configuration for a Xylan switch
Advanced Technical Reference Guide 4.1 • June 2000 38
VPN-1/FireWall-1 configuration for a Xylan switch
You need a management control module, called the Enterprise Management Console or EMC
(the VPN/FireWall management module). For a switch to support VPN-1/FireWall-1 functionality, it requires a
licensed inspection module (the VPN/FireWall module). Because of other resident networking and switching software,
16 MB of DRAM is the minimum requirement, but 32 or 64 MB is recommended.
After preparing the Xylan switch hardware, configure the Xylan switch Network object
through the VPN-1/FireWall-1 GUI and establish authentication between the VPN-1/FireWall-1 management
module (using the command “fw putkey” on the management module) and the Xylan switch (using the command
“fwconfig” on the switch). To configure the VPN/FireWall inspection module and to display its current
configuration on the Xylan switch, use the “fwconfig” command.
Functions supported in VPN-1/FireWall-1 on Xylan Switch
The functions supported in VPN-1/FireWall-1 on a Xylan switch are:
• Accept/Reject rules
• Logs and Alerts
• Anti-Spoofing
• Time objects (version 4.1 and higher)
Common problems resolution
Problem: the remote firewall does not dynamically download the correct
policy
See the SecureKnowledge Solution (ID: 10022.0.1673144.2471537) on the Check Point Technical Services site.
Problem: the management module does not receive logs from routers (a few
possible causes and their resolution)
See the SecureKnowledge Solution (ID: 10022.0.527050.2411096) on the Check Point Technical Services site.
Problem: you cannot load a policy onto the Xylan module and you receive an
“unauthorized action” error message
See the SecureKnowledge Solution (ID: 55.0.634804.2563934) on the Check Point Technical Services site.