Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] editing objects_5_0.C - can/should you? (fwd)

To: [email protected]
Subject: Re: [FW-1] editing objects_5_0.C - can/should you? (fwd)
From: "Daniel Fischer (J)" <[email protected]>
Date: Thu, 7 Mar 2002 16:50:46 -0500
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi,

I followed the instructions outlined below and managed to merge my
objects/rules without any hiccups... the only problem now is that I get this
error:

add_ca_cert_hash: failed corrupt internal_ca object

whenever I compile and install the policy. I tried looking for a way to
re-generate in the keys for the internal CA but I haven't found anything on
the CP support site or the docs. There used to be a command fw internalca
??? in 4.1 but it doesn't exist anymore.

Has anyone run into this before and found a solution?

Thanks
DF



-----Original Message-----
From: James Oryszczyn [mailto:[email protected]]
Sent: Friday, January 04, 2002 8:30 PM
To: [email protected]
Subject: Re: [FW-1] editing objects_5_0.C - can/should you? (fwd)


I have included the procedure from checkponts knowledge base on how to merge
objects and rulebases to go from 4.1 TO NG FP1.  There is also a procedure
that shows how to upgrade from NG to NG FP1


                  Solution: How to merge objects and rules from
VPN-1/FireWall-1 4.x management with VPN-1/FireWall-1 NG FP1 management
(skI3948)
                  To merge the objects and rules from Version 4.1 to NG FP1,
proceed as follows:

                  1. Issue 'cpstop'.

                  2. Copy <backup 4.1 objects.C> to
$FWDIR/conf/prev_ver_objects.C

                  3. Copy <backup 4.1 rulebases.fws> to
$FWDIR/conf/rulebases.fws

                  4. Copy <backup 4.1 fwauth.NDB> to $FWDIR/conf/fwauth.NDB
(on non-Unix OS you must also copy the link file. For example, the
fwauth.NDB includes only a link number i.e _FWNTLINK555. Find the fwauth.NDB
file with the same extension i.e fwauth.NDB555 and copy it as well)

                  5. Copy <the objects.C file coming from a clean NG FP1
installation> to $FWDIR/conf/empty_objects.C
                  (basically, rename the $FWDIR/objects.C to
empty_objects.C)

                  6. Remove (or rename) objects_5_0.C and rulebases_5_0.fws
from $FWDIR/conf

                  7. Issue $FWDIR/bin/fw confmerge
$FWDIR/conf/prev_ver_objects.C $FWDIR/conf/empty_objects.C >
$FWDIR/conf/objects.C

                  8. Issue $FWDIR/bin/fw checkobj
                  Note: if you do not use FloodGate-1 rules/objects then
ignore the errors followed by the 'fw checkobj' command)

                  9. Issue $FWDIR/bin/fw cpmi_upgrade

                  10. Downlod the default_objetcs.C file and copy it to
$FWDIR/conf

                  11. Issue $FWDIR/bin/fw upgrade sp1

                  12. Issue 'cpstart'

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] Linux to VPN1 vpn
Next by Date: [FW-1] NG Installation
Previous by thread: Re: [FW-1] Checkpoint FW1 SecuRemote/SecureClient "re-authentication" (client side hacks of users.C)
Next by thread: [FW-1] NG Installation
Index(es):
- Date
- Thread