FireWall-1 FAQ: Authentication for command fetch/load failed
Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.
I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.
If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)
Whenever my firewall starts up, I get this error message:
`Authentication for command fetch failed`
Or I get this error message whenever I try and install a security policy from my management console:
`Authentication for command load failed`
In some cases, this may happen because you have an encryption license on one system and no encryption license on the other. In days past, there used to be warnings about this, but this does not appear to be the case anymore. See WARNING: Using S/Key Authentication instead of FWA1: No Encryption License for more information.
It is also likely your authentication keys are out of sync for your firewall and management console. Here are the steps to clear it:
1, Check to make sure the time on your firewall and management console is nearly similar (relative to GMT).
- On firewall, type ‘fwstop’
- On management, type ‘fwstop’
- On the firewall, type the following: fw putkey -p password management-ip
- On the management console, type the following: fw putkey -p password firewall-ip
- On management console, type ‘fwstart’
- On firewall module, type ‘fwstart’
If this doesn’t work, see Can’t get putkeys to work