Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Upgrade 4.1 to NG

To: [email protected]
Subject: Re: [FW-1] Upgrade 4.1 to NG
From: Alexander Hoogerhuis <[email protected]>
Date: Wed, 31 Oct 2001 21:33:02 +0100
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>
User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

We have had a few niggling problems with the installation on Solaris,
as it is very hard to get FW-1 NG to cooperate with a machine that
needs to be hardened. Examples are:

* it cannot live with /usr and /opt mounted read-only.

* the desktop policy package (and others) create their log-directory
  as a direcoty in the /opt-hierarchy, not as a symlink to /var/opt

* package install scripts depends on absolute paths so it is
  completely useless in an automated install environmens
  (JumpStart+JASS).

* it has a tmp-firectory under the /opt-hierarchy, which is (as with
  the log-directory over) an actual directory, not a symlink to
  /var/opt. It doesnt even check that its tmp-directory is writable
  and cpver and friend will happily try to run and segfault for no
  apparent good reason.

* It will replace /usr/sbin/ndd during boot, with its home grown
  version.

If anyone at Chekpoint is listening and wants to integrate good
support for their product on a very locked down machine I'm more than
willing to submit patches to the package install scripts and runtime
scripts to make this a happier place.

cheers,
Alexander

Nico De Ranter <[email protected]> writes:

> We are experiencing serious problems trying to get the rulebase and objects.C
> upgraded :-(.  Upgrading objects.C finaly worked but the rulebase either produces
> errors in the GUI or crashes the GUI completely (note: GUI on NT, modules on Solaris)
>
> Nico
>
> On Tue, Oct 23, 2001 at 09:51:36PM -0400, Juan Concepcion wrote:
> > Only thing that I saw was that the firewall modules were automatically
> > created for you with no option to change the intitial settings on it.
> > Suggestion in the documentation is to create an identical object then
> > delete the original.
> >
> > Nico De Ranter wrote:
> >
> > > Anybody attempt an upgrade from 4.1 to NG already?
> > > We are getting error messages when trying to save a policy
> > > from the NG policy editor  (management console is NG, firewall
> > > module is 4.1)
> > >
> > > Nico
> > >
> > > ---------------------------------------------------------
> > >  "It has been said that there are only two businesses that
> > >   refer to customers as users: illegal drug trade and
> > >                the computer industry."
> > > ---------------------------------------------------------
> > > Nico De Ranter
> > > Sony Service Center (SDCE/VPE-B)
> > > Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
> > > 1130 Brussel (Bruxelles), Belgium, Europe, Earth
> > > Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
> > > e-mail: [email protected]
> > >
> > > ===============================================
> > > To unsubscribe from this mailing list,
> > > please see the instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > > ===============================================
> >
> > ===============================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ===============================================
> ---------------------------------------------------------
>  "It has been said that there are only two businesses that
>   refer to customers as users: illegal drug trade and
>                the computer industry."
> ---------------------------------------------------------
> Nico De Ranter
> Sony Service Center (SDCE/VPE-B)
> Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
> 1130 Brussel (Bruxelles), Belgium, Europe, Earth
> Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
> e-mail: [email protected]
>
> ===============================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ===============================================

--
Alexander Hoogerhuis
FYI: perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

References:
- [FW-1] Upgrade 4.1 to NG
  - From: Nico De Ranter <[email protected]>
- Re: [FW-1] Upgrade 4.1 to NG
  - From: Juan Concepcion <[email protected]>
- Re: [FW-1] Upgrade 4.1 to NG
  - From: Nico De Ranter <[email protected]>

Prev by Date: Re: [FW-1] VPN with OSPF for Failover
Next by Date: Re: [FW-1] comparison between Pix and FW-1
Previous by thread: Re: [FW-1] Upgrade 4.1 to NG
Next by thread: Re: [FW-1] Upgrade 4.1 to NG
Index(es):
- Date
- Thread