000019076 - How to clear node secret from NetScreen Firewall

Document created by RSA Customer Support Employee on Jun 15, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000019076

Applies To: NetScreen Firewall, RSA ACE/Server

Issue: How to clear node secret from NetScreen Firewall
Error: "Node verification failed" in ACE/Server logs

Resolution:

1. From a NetScreen telnet session, execute the following command:

    clear node_secret <enter>

or for newer versions (e.g. version 5.3), execute the following command:

    delete node_secret <enter>

2. If you are in high availability mode, execute the following command to synchronize NetScreen slave servers:

    exec ha file-sync node_secret.ace

NOTE: You must also clear the node secret on the ACE/Server (steps 3 to 5).

3. Run Database Administration (sdadmin on UNIX).

4. Go to Agent Host > Edit Agent Host.

5. Uncheck the "Sent Node Secret" box. The next successful authentication will establish a new node secret between the ACE/Server and the NetScreen Firewall.

Legacy Article ID: a5791
