
3 Managing EFW Devices Using the Policy Servers
Using the Recovery Diskette
If you are attempting to recover a NIC and none of the Policy Servers in the domain
for that NIC remain in operation, you need to clone one of the Policy Servers to regain
control of the NIC and return the NIC to a generic state by deleting it from the cloned
Policy Server.
To use the recovery diskette to clone the original Policy Server:
1. Perform a new Policy Server installation at the same IP address as any Policy Server
   originally in the domain of the NIC.
2. (Optional) Restore the database using your most recent backup. The NIC you are
   attempting to recover does not need to be in the backed-up database (in fact, no
   NICs need to exist in the backup database), since it re-registers automatically to a
   policy server at the same IP address as its original.
3. Overwrite the key files in the new installation with the files saved on the recovery
   diskette.
Restoring Inoperable EFW NICs
A NIC that becomes inoperable may be made operational as an EFW NIC again by
installing the EFW NIC (using the Custom installation option on the 3Com Embedded
Firewall Installation CD) on a machine with the NIC present. Configure the installation so
that the NIC reports to any Policy Server in its original domain when it boots up. For
instructions on installing EFW on a NIC using the Custom installation option, see
“Installing and Uninstalling EFW Software” on page 21.
Determining Whether EFW is Installed on a NIC
If the options listed above are unsuccessful in returning an operable or inoperable NIC to a
generic state, a hardware repair is necessary. If a NIC is still operational, but you are not sure
whether it has EFW installed, the following steps determine whether EFW is installed:
1. Place the NIC on a Windows NT, 2000, or XP Professional machine as the only NIC,
   and then install the EFW NIC using the Custom option on the 3Com Embedded
   Firewall Installation CD.
2. Edit the embdfw.ini file that was installed so that the last line reads DBGLEVEL=2.
   Make sure the embdfw.ini file contains the same communication port values that
   would have been used previously by its Policy Server if it had been an EFW NIC.
   Usually these are the product defaults: 2081 for the control port and 2802 for the
   audit port.
3. Start the EFW agent from the Windows Services interface.
4. Check the file called embdfw.log in the System folder. If the log contains a message
   stating that the agent could not find any Embedded Firewall NICs, EFW is not installed
   on this NIC. If the log does not contain such a message and the agent continues to
   run, then this NIC has EFW installed.
NOTE: After the NIC is again under control of the Policy Server, you can delete it from
the Management Console, as noted in the bullet above, to regain a generic NIC.