Re: [FW1] How is a rulebase exported?

[Randall Kizer <randall@FW1-NOSPAMintelenet.net>]

I recently went through this upgrade, and it worked flawlessly (my problems 
were related to the $FWDIR/lib/control.map file).  Here were the procedures 
supplied by Check Point Technical Support.  (hint: the fw confmerge is a 
critical step.)

Good Luck!
--------------------------------

Steps to upgrade:

1. Backup the following text files (or better yet, the whole system
at level zero dump):
$FWDIR/conf/objects.*
$FWDIR/conf/*.W
$FWDIR/conf/*.pf
$FWDIR/conf/*.fws
$FWDIR/conf/fwauth.NDB*
$FWDIR/state/*.*
$FWDIR/database/*.*

2. If you are upgrading from a UNIX box to an NT box, be sure and convert
the text files from UNIX ASCII to WinNT4 ASCII and then transfer them
to the new box. The easiest way is to FTP from the UNIX machine to
the Windows NT box in ASCII mode.

3. To transfer the user database from the old FW to the new FW,
# $FWDIR/bin/fw dbexport -f outfile.txt
then,
C:> %systemroot%/bin/fw dbimport -f outfile.txt

4. fw confmerge obj41.C obj40.C > objects.C

This merges 4.1 objects.C and 4.0 objects.C into the file objects.C.
The proper procedure for performing this merge is as follows:

   1. Stop the firewall (fwstop).
   2. Make a backup of the $FWDIR/conf directory.
   3. Copy your objects.C files into a temp directory, giving them different
names (e.g. objects41.C, objects40.C).
   4. Run the command 'fw confmerge objects41.C objects40.C > objects.C'.
   5. Remove objects.C, objects.C.sav, objects.C.bak from $FWDIR/conf.
   6. Copy the new objects.C file into $FWDIR/conf.
   7. Start the firewall (fwstart).

5. See the file $FWDIR/state/local.fc for the last Security Policy installed.
To rebuild the rulebases.fws:
fwstop
(WinNT) $FWDIR\bin\fw m -g $FWDIR\conf\<file names>.W
(UNIX) $FWDIR/bin/fwm -g $FWDIR/conf/<file names>.W
fwstart

6. The only objects.C file should be the one from $FWDIR/conf/ subdir.


At 01:23 PM 9/28/00 +0200, Graham Leggett wrote:

> Hi all,
>
> In a nutshell:
>
> I have a 4.0 based firewall and management console installation. Running
> alongside it is a brand new v4.1SP2 firewall and management console
> installation. I need to export the rulesets from the v4.0 config and
> load it into the v4.1 system.
>
> Is there ANY way whatsoever to get a v4.0 configuration exported out of
> v4.0 and into v4.1?
>
> The documentation includes a really lame line saying that simply copying
> the config files from the one system to the other won't work. It then
> neglects to mention what will work.
>
> None of the upgrade procedures work. Every single time we have tried we
> have ended up with either a corrupt configuration or a firewall and
> management console that refuse point blank to talk to each other. With
> the inherent instability that FW1 has demonstrated so far there is no
> way we can risk trying anything on the live installation.
>
> We are completely desperate. Has anyone successfully managed to do this?
>
> Regards,
> Graham
> --
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================ 







---
"It is better to be true to what you believe,
 though it be wrong, than to be false to what
 you believe, even if that belief is correct."
                                 -- Anna Howard Shaw



================================================================================
    To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
================================================================================