Checkpoint Secure Platform (SPLAT) Smartcentre

Rebuilding our Checkpoint Secondary management Server this week after a hardware failure gave us an interesting surprise: The Checkpoint Secure Platform installation process kept making the dedicated secondary management server also be a firewall policy enforcement point.

Found this page that described the same problem, and a likely solution:

cpprod_util FwIsFireWallModule

The management station returned a 1, indicating that it was indeed a firewall so we unloaded the firewall policy:

fw unloadlocal

got rid of the installed policy temporarily and we then changed the setting:

cpprod_util FwSetFireWallModule 0

Restarting the firewall services saw everything working fine:

cprestart

but a reboot left us in the exact same position, with the node loading the "initial" firewall policy on boot, even though it was now reporting itself not to be a firewall enforcement node. (now, trying to perform an "fw unloadlocal" resulted in the SPAT box telling us that it could not, because it was not a firewall.

Now there are ways to prevent the initial policy from loading at bootup , but I am always after a cleaner install, and less hacking of a nice fresh clean system, so we gave Checkpoint a call. The Checkpoint guy promptly advised us that the use of SmartView Monitor was not supported, and was not even supposed to work unless the node was also a firewall. Now this was news to us, as we had been running Smartview Monitor for the last 2 years on this system without skipping a beat.

It did however lead us in the right direction: We reinstalled the SPLAT server, only selected Smartcentre, configured it as a secondary management server, got the whole thing working, THEN installed Smarview Monitor after the fact (just like I now remember we did when it was built the first time!!)

Problem solved. It would appear that if you install Smartview Monitor at the initial run of cpconfig, it assumes that you want to make the node an enforcement point, but if you install it as a dedicated Smartcentre first, then install Smartview Monitor, it works.

Ubuntu Server 6.1.0 under Parallels: unknown interrupt or fault at EIP 00000060 c0100295 00000294

Tried to install Ubuntu Server 6.1.0. The installation went fine, but on the first boot, got the following error:

unknown interrupt or fault at EIP 00000060 c0100295 00000294

The install was a dead duck...

Found this article on the Parallels support site that saw me through. Required steps were as follows:

1) Boot from CD, type 'rescue' at the prompt to launch the rescue kernel image;
2) Follow the bouncing ball, and answer the questions. I had to set up the NIC addressing manually.
3) Select the option: "Execute a shell in /dev/hda1"
4) Install the generic kernel: (you will need an Internet connection...)

4.1) apt-get install linux-image-generic
4.2) exit

5) The installer hung. Pressed (fn*) ALT-F2 to get to a different console;
6) Unmounted the live disk: umount /dev/hda1
7) Rebooted: shutdown -r now
8) When logged in to the new system, change the GRUB default to boot the Generic Kernel:

8.1) vi /boot/grub/menu.lst
8.2) change the line "default 0" to "default 2"

9) reboot.

* fn needed as I am on a laptop, and F?? keys are not real F?? keys by default...

update: smcFanControl killed my MacBookPro

Well, Hendrik the developer of smcFanControl has left me a comment after my last post on the unfortunate side effects of my installation of smcFanControl. Now THAT is service!! I am not even sure how he found the post!! Well, I have emailed him the details of my experience. We will have to see if this was a one off, or wether this is a more repeatable problem... time will tell... and again... hats off to Hendrik for the effort... it certainly impressed this little duck...

Firefox 2.0 on OS X broken from the get-go!

Well, I was excited to see that Firefox 2.0 has been released, and early to boot! I will admit though, I was a little disappointed at the end result. I gladly splatted my existing version of Firefox (1.5.07) with the latest Mozilla release, only to find it unusable. All the content was crammed into the left hand side of the window, tabs and all. 15 minutes of troubleshooting later diagnosed it as an extension problem. Finally discovered the culprit: Tabbrowser preferences v1.3.1. uninstalled it, and Firefox 2.0 is now purring along nicely. Interestingly enough, the latest version of Tabbrowser preferences (1.3.1.1) exhibits the same behavior.. oh well.. I guess I will have to file a bug report...

OSX 10.4.8 and the green iSight...

After I was greeted with a wonderful green screen on launching photobooth on my MacBookPro this evening, I noticed with relative shock the sheer number of people with a problem after applying 10.4.8, and so few solutions.. So after several unsuccessful reboots, I finally caved to this suggestion,and reset the PMU on my MBP:

Reset PMU on the MacBook, MacBook Pro
1. If the computer is on, turn it off.
2. Disconnect the AC Adapter and remove the computer's battery.
3. Press and hold down the power button for 5 seconds and then release the button.
4. Reconnect the battery and AC Adapter.
5. Press the Power button to restart the computer.

iSight back so far. time will only tell if it sticks..

smcFanControl killed my MacBookPro

Well,
smcFanControl is a wonderful little app. it has made it possible for me to use my Mac on my lap. I did however select the "Auto apply settings after launch" option. This turned out to be a big mistake. Long story short, my MacBookPro would log in, and then just hang after the login prompt. Solution:
- Boot to single user mode (hold down "s" at boot till the wheel spins)
- remount filesystem rw (mount -rw /)
- and kill the smcfancontrol plist file in your preferences (com.eidac.smcFanControl.plist)

Voila. Mac back in action...