If the New Firewall wizard fails to finalize the configuration, the communication with the firewall hardware does not work as intended. One of the following errors has likely occurred:
Management interface improperly connected
Check the link indicators of the network interface you selected as management interface. If there is no link indication, there might be a cable problem.
Wrong cable type
Is your firewall directly connected to a router or another host? In this case, you will need an "X-ethernet" cable to connect the firewall to that unit. Using the wrong cable type may result in the link indicators indicating link failure.
Routing problems
If the firewall and the management server are connected via a router, is the default gateway setting correct on both the firewall and the management server?
It still is not working!
Should none of the above be of any assistance, check the statistics information for the management interface using the ifstat command. Issue the following command on the firewall console:
> ifstat ifN
(where ifN is the name of your management interface)
This will display a number of counters for the network interface.
If the Input counters of the hardware section are not increasing, the error is likely in the cables. However, it may simply be the case that the packets aren't getting to the firewall in the first place. You may want to verify this with a packet sniffer attached to the network in question.
If the Input counters of both sections are increasing, the interfaces may be attached to the wrong physical networks. Additionally, there may be a problem with the routing information in the connected hosts or routers.
Another test can be performed by running the command arpsnoop on the firewall console. It will dump ARP packets heard on selected interfaces. Arpsnoop is a convenient method of verifying that the correct cables are attached to the correct interfaces.
> arpsnoop all
ARP snooping active on interfaces: if1 if2 if3 if4
ARP on if2: gw-world requesting ip_if2
ARP on if1: 192.168.1.5 requesting ip_if1
If all else fails, please contact your reseller for technical support.