[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Importing Rules from 4.0 to 4.1

To: "'Ben Cuthbert'" <[email protected]>
Subject: RE: [FW1] Importing Rules from 4.0 to 4.1
From: "Roelandts, Guy" <[email protected]>
Date: Thu, 26 Jul 2001 14:00:10 +0100
Cc: [email protected]
Sender: [email protected]

Ben,

   If what you want to achieve is, merge the 4.0 objects
 in the 4.1 objects file, I think you need to use the fw
 confmerge, PhoneBoy FAQ 149 explains this  :

 Merging objects.C files

FireWall-1 supports a command called "fw confmerge" that will allow you to
merge multiple objects.C files into one file (this is how the fwinstall
script does an upgrade). The syntax is: 
    fw confmerge obj1.C obj2.C > objects.C 

Which merges obj1.C and obj2.C into the file objects.C. The proper procedure
for performing this merge is as follows: 

Stop the firewall (fwstop). 
Make a backup of the $FWDIR/conf directory. 
Copy your objects.C files into a temp directory, giving them different names
(e.g. obj1.C, obj2.C). 
Run the command 'fw confmerge obj1.C obj2.C > objects.C' 
Remove objects.C, objects.C.sav, objects.C.bak from $FWDIR/conf 
Copy the new objects.C file into $FWDIR/conf. 
Start the firewall (fwstart). 
I have found this works best when one of the objects.C file is "clean," i.e.
from a fresh install. This is what the FireWall-1 upgrade process does. 
Make sure that if you're converting from Windows to Unix (or vice versa)
that you change the line endings, otherwise you will get errors when
executing this command. 

When merging the objects from a 3.0b management console to a 4.1 management
console using fw confmerge, the interfaces tab on the FireWall objects do
not get populated and has to be entered manually, SNMP may or may not work.
This is also true for any object that requires the interface tab to be
populated. (i.e. routers and switches). Version information may not carry
over. In this case, you will have to delete and recreate the objects so that
they are created properly. 

Warning: confmerge has been proven to put duplicate entries in the objects.C
file. If two objects have the same name, but different colors, they are
duplicated. (Thanks to Mark Poole for the tip) 

  Not sure if this is what you are looking for ??

Met vriendelijke groeten - Bien � vous - Kind regards

Guy ROELANDTS
EMEA GS Internet Expertise Centre
Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options  3 - 3 - 1)
Fax: +32(02)729.77.65

-----Original Message-----
From: Ben Cuthbert [mailto:[email protected]]
Sent: Wednesday, July 25, 2001 11:23 PM
Cc: [email protected]
Subject: Re: [FW1] Importing Rules from 4.0 to 4.1

Yeah i have done that, now how do i get the rules from 
my 4.0 Firewall management station into the 4.1 management station , so 
i do 
not loose all my settings

..

what i have is this

 	1 x Firewall-1 4.0 , running now  on E250 . . This firewall has 
all the current settings, 
	1 x firewall-1 4.1 , running on E450 , , i want to take the setting 
from the 4.0 firewall and put them into the 4.1

On Wed, 25 Jul 2001 01:55:46 Christopher Bangun" wrote:
> hi, you dont need to export 4.0 rules, if u install backward 
> compatibility on fw management module, it will install rules for 4.0 on 
> fw module that has 4.0 installed, and install 4.1 rules on 4.1 fw 
> modules.
> 
> important things to do,
> 
> changes FWDIR into /opt/CKPfw if you want to install fw lic for 4.0, 
> and dont forget to canges it back to /opt/CPfw1-41 afterwarth.
> 
> You dont need to install the backward comp. on fw modules.
> 
> Cheers,
> 
> Christopher Bangun
> 
> ----- Original Message -----
> From: "benjamin.c" <[email protected]>
> Date: Wednesday, July 25, 2001 1:52 am
> Subject: [FW1] Importing Rules from 4.0 to 4.1
> 
> > 
> > Hi all
> > 
> > could someone help me with how i import rules from 
> > 4.0 checkpoint to checkpoint 4.1. . . . the
> > management station has backward compatibility , and the fw modules
> > do not. 
> > 
> > 
> > 
> > 
> ========================================================================
> ========
> >     To unsubscribe from this mailing list, please see the 
> > instructions at
> >               http://www.checkpoint.com/services/mailing.html
> > 
> ========================================================================
> ========
> > 
> > 
>  
> 
> 

============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Time out for TCP handshake
Next by Date: RE: [FW1] Firewall log info
Prev by thread: Re: [FW1] Importing Rules from 4.0 to 4.1
Next by thread: RE: [FW1] Importing Rules from 4.0 to 4.1
Index(es):
- Date
- Thread