Firewall Wizards mailing list archives

Lost DH-key


From: "Joe Ippolito" <joe () joesnet com>
Date: Wed, 2 Feb 2000 10:05:43 -0800

I have had this happen twice now so it is time to query the group with it.
When using skip-method VPNs, renaming of a remote firewall object on a FW-1
management server results in apparently irrecoverable loss of the
Diffie-Hellman key.  I do this once in a while when moving a firewall from one
city to another or to bring the object name up to company standards.

There is this peculiar "write" button on the interface that allows you to
save a copy of the key.  I have not found any way to put the key back in
though.  I asked CP support people what it was for and their response was
that it allows the key to be used to manually configure a skip-method VPN on
another vendor's product.  It would not be a big concern but when it affects
a 28-plus node fully-meshed VPN network it means refetching keys and
installing policies on all firewalls.  Anyone out there ever recover a lost
FW-1 DH key?


