The PhoneBoy Blog



FireWall-1 FAQ: Failed to Load Security Policy on gateway: Connection Refused

Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.


I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.


If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)


The first thing to check is that the workstation object representing your gateway has the correct IP address defined. If it is incorrect, you will get this error message. If the IP address is correct, the fwd process has likely died. On Unix, check for an 'fwd' process with ps. On NT, look for an 'fw.exe' process whose process ID matches the one listed in %FWDIR%\tmp\fwd.pid. To restart fwd, you can either:

  • Bounce the firewall (fwstop ; fwstart)
  • On Unix, run: fwd
  • On NT, run: fw fwd (But you're better off bouncing the firewall)

If fwd is running and you are having this problem, you have a security policy loaded on your firewall that prohibits your management console from accessing the firewall on port 256. Try:

    fw fetch management-console

If that does not work, you will have to Install Accept All Policy On Module.
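
The fwd check above, scripted for a Unix gateway. This is an added example, not part of the original FAQ or any Check Point tooling. It assumes $FWDIR/tmp/fwd.pid is the Unix counterpart of the NT pid file; the function names, the `--live` switch, and the sample ps output are made up for illustration.

```shell
#!/bin/sh
# Added example: decide between "restart fwd" and "policy is blocking port 256".
# Assumption: $FWDIR/tmp/fwd.pid exists on Unix like %FWDIR%\tmp\fwd.pid on NT.

FW_PORT=256   # port the management console uses to reach the gateway, per the FAQ

# Print the PIDs of fwd processes found in `ps -e -o pid=,comm=` output on stdin.
# Matches the bare name or a full path ending in /fwd, never substrings.
fwd_pids() {
    awk '$2 == "fwd" || $2 ~ /\/fwd$/ { print $1 }'
}

# Succeed only if the PID recorded in the pid file ($1 = file content) is one
# of the live fwd PIDs on stdin. A stale or empty pid file counts as dead.
pid_is_live() {
    recorded=$(printf '%s' "$1" | tr -d ' \r\n')
    case "$recorded" in
        ''|*[!0-9]*) return 1 ;;   # empty or not a number
    esac
    grep -qx "$recorded"
}

# Map the observation onto the FAQ's remedies. $1 = fwd alive (yes/no).
next_step() {
    case "$1" in
        no)  echo "fwd not running: bounce the firewall (fwstop ; fwstart)" ;;
        yes) echo "fwd running: policy likely blocks port $FW_PORT; try: fw fetch management-console" ;;
        *)   echo "usage: next_step yes|no" >&2; return 2 ;;
    esac
}

# Constructed sample of `ps -e -o pid=,comm=` output for trying the parser offline.
SAMPLE_PS='  301 syslogd
  388 cron
  412 fwd
  977 /usr/sbin/sshd'

# Live run on the gateway itself: sh fwd-triage.sh --live
if [ "${1:-}" = "--live" ]; then
    alive=no
    ps -e -o pid=,comm= | fwd_pids |
        pid_is_live "$(cat "$FWDIR/tmp/fwd.pid" 2>/dev/null)" && alive=yes
    next_step "$alive"
fi
```

Check the gateway object's IP address first; the script only covers the steps after that.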
