|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Remote node versus standalone
Hi Tia, I have just done something very similar. Its a bit of a pig (depending on how much you need to change), but it does work. On the "phoneboy" faqs there is a nice list of all the files you need to move if you want to migrate a rulebase (sorry can't rememebr the reference exactly just now) but if you can locate this you basically need to copy the "objects.c" and "rulebase..." to the NT platform. What I did was write a few VB scripts in WORD to edit the rules (ours are a bit large) but its not too much trouble as its all text based. Once these rules are in the right dirs on NT the NT Management Stataion should pick 'em up ok and let you download to the newly converted remote Inspection Engine. As for converting the Inspection Engine.... If you rename the "$FWDIR/conf/product.conf" to "$FWDIR/conf/inst.conf" then run "cpconfig" the Nokia thinks its an first-time config run (although it doesn't lose the details you have like licenses !) and you can reset the box from standalone to remote. Don't try to edit the product.conf file directly though - doesn't work ! I hope this helps, regards, Gordon ________________________________________________________________________________________ >From x fw1 <[email protected]> on 13 December 2001 09:27:45 To : [email protected] Subject : [FW-1] Remote node versus standalone Hi We have Master firewall in central site which controls all remote node firewalls (VPN-1 4.0 NT4, soon to be VPN-1 4.1 SP5(?) on Nokia IP440). Before the central firewall is changed I have to install a standalone -don't ask!- (a new VPN-1 4.1 SP5 Nokia IP440 - yes another one) into one of our remote sites. Later this firewall should be brought 'back into the fold' and be a standard remote node - managed from the central site. I am trying to find out pitfalls, my assumptions are:- 1. I will need Management Console license for remote site (even though it will eventually be managed remotely) - bit of a downer on the budget.... 2. The process of changing from 'standalone/mgt console' to remote node will be straightforward (did I hear the words fly and pigs somewhere ?) Any comments ? TIA T _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= If you have any questions on how to change your subscription options, email Ron Alcatraz at: [email protected] ================================================= ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= If you have any questions on how to change your subscription options, email Ron Alcatraz at: [email protected] =================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
