[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Upgrade 4.1 to NG
We have had a few niggling problems with the installation on Solaris, as it is very hard to get FW-1 NG to cooperate with a machine that needs to be hardened. Examples are: * it cannot live with /usr and /opt mounted read-only. * the desktop policy package (and others) create their log-directory as a direcoty in the /opt-hierarchy, not as a symlink to /var/opt * package install scripts depends on absolute paths so it is completely useless in an automated install environmens (JumpStart+JASS). * it has a tmp-firectory under the /opt-hierarchy, which is (as with the log-directory over) an actual directory, not a symlink to /var/opt. It doesnt even check that its tmp-directory is writable and cpver and friend will happily try to run and segfault for no apparent good reason. * It will replace /usr/sbin/ndd during boot, with its home grown version. If anyone at Chekpoint is listening and wants to integrate good support for their product on a very locked down machine I'm more than willing to submit patches to the package install scripts and runtime scripts to make this a happier place. cheers, Alexander Nico De Ranter <[email protected]> writes: > We are experiencing serious problems trying to get the rulebase and objects.C > upgraded :-(. Upgrading objects.C finaly worked but the rulebase either produces > errors in the GUI or crashes the GUI completely (note: GUI on NT, modules on Solaris) > > Nico > > On Tue, Oct 23, 2001 at 09:51:36PM -0400, Juan Concepcion wrote: > > Only thing that I saw was that the firewall modules were automatically > > created for you with no option to change the intitial settings on it. > > Suggestion in the documentation is to create an identical object then > > delete the original. > > > > Nico De Ranter wrote: > > > > > Anybody attempt an upgrade from 4.1 to NG already? > > > We are getting error messages when trying to save a policy > > > from the NG policy editor (management console is NG, firewall > > > module is 4.1) > > > > > > Nico > > > > > > --------------------------------------------------------- > > > "It has been said that there are only two businesses that > > > refer to customers as users: illegal drug trade and > > > the computer industry." > > > --------------------------------------------------------- > > > Nico De Ranter > > > Sony Service Center (SDCE/VPE-B) > > > Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne) > > > 1130 Brussel (Bruxelles), Belgium, Europe, Earth > > > Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86 > > > e-mail: [email protected] > > > > > > =============================================== > > > To unsubscribe from this mailing list, > > > please see the instructions at > > > http://www.checkpoint.com/services/mailing.html > > > =============================================== > > > > =============================================== > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > =============================================== > --------------------------------------------------------- > "It has been said that there are only two businesses that > refer to customers as users: illegal drug trade and > the computer industry." > --------------------------------------------------------- > Nico De Ranter > Sony Service Center (SDCE/VPE-B) > Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne) > 1130 Brussel (Bruxelles), Belgium, Europe, Earth > Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86 > e-mail: [email protected] > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== -- Alexander Hoogerhuis FYI: perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);' =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|