Re: [FW-1] remote upgrade question-pls help

Dear all,

Some important and quick questions. I need to upgrade CP4.0 to CP2000 and change its external IP at the same time (license is tied to this external IP). I had worked out the following procedure and ask you some question.

1) First, I create a rule using the GUI client and change the FW gateway IP to the new IP and save it as a new name, for eg newfw.W, without install.
2) Disable /etc/rc2.d/S00fw1bootd and /etc/rc3.d/S95firewall1 so that the fw won't start after reboot (I still wonder this step is necessary).
3) fwstop the firewall.
3) Change the firewall external IP and edit the /etc/hosts and hostname.hme0
4) Install the CP2000 software using InstallU. But I have a question here. If I have already fwstop the fw daemon and then perform the installation, will it consider new installation or upgrade. As I still need the old configuration to be installed like newfw.W
5) Even we can retain the configuration file, can we still use our GUI client to choose the new configuration file newfw.W and compile and install it.

What is the difference among

Fw load newfw.W               --1
Fw load newfw.pf gateway1     --2
Fw fetch gateway1             --3

What is the difference between 2 and 3? Gateway1 is specified as the target in 3. But how do I know what is my target name and for (1) how do the fw which target it should install it.

Thanks

-----Original Message-----
From: Greg Polanski [mailto:[email protected]]
Sent: Friday, April 05, 2002 10:52 PM
To: [email protected]
Subject:

fwstop is probably good idea.

after thinking about the email I would change /etc/init.d/fw
so the firewall does not start automatically
and use plaintext telnet to
    fw fetch ....        get the rule with the new address first
    fwstart

greg

-----Original Message-----
From: Greg Polanski [mailto:[email protected]]
Sent: Friday, April 05, 2002 10:49 PM
To: [email protected]
Subject: Re: [FW-1] remote upgrade question-pls help

Here is the path that I would follow.

1. add rule that permits plaintext telnet from the current external address
   of your firewall and from the address of an external ISP that you can access.
   set rule for both current IP address and new IP address
   If the rest of the instructions go bad, you can still get in
2. Change IP first, then upgrade or
   Upgrade first, then change IP.
3. If the license is not tied to the external IP, (I am doing this from memory)
   edit address in /etc/hosts
   reboot
   change IP in FW rules on management station
   recompile and reload
   rebooted system should accept push
4. Upgrade
   I have not done it yet

greg

"Sim, CT (Chee Tong)" wrote:
>
> Hi..
>
> I need to remotely upgrade my other branch's Checkpoint firewall (solaris)
> from CP4.0 to CP2000 and at the same time, its external IP of the firewall
> (which CP was installed on) needed to be changed. I need to ask a few
> questions about the upgrading procedure as it involves change of IP as well.
> (The new license that we get is for the new IP).
>
> 1) At first, should I do upgrade first or change the IP first? If we change
> the external IP without stopping FW service, the FW daemon will stop right?
> If I fwstop the FW service first, will I be disconnected from my telnet
> session? I won't be able to log in to console as I am not at the branch. I
> think the FW control the access to the solaris box if the FW service fail to
> run. How to disable it?
>
> 2) Even, after we changed the external IP of the FW and start to upgrade to
> CP2000, we need to install the old policy again, but the FW external IP in
> the old policy is the old one right? How we need to do about it. Just
> change it to new FW IP in the policy and install it right?
>
> 3) How many free space we need for the upgrade to CP2000? I used to encounter
> the following problem when I upgraded my FW from CP4.0 to CP2000, it happen
> when I tried to install the old policy to the new CP2000. How to avoid?
>
> Installing Security Policy foobar on all.all@firewall
> Has only loopback (lo) interface, aborting..
> Failed to load security policy: No such file or directory
> Fetching Security policy from firewall failed
>
> Thanks in advance
> Tong
>
> ==================================================================
> The information contained in this message may be confidential
> and is intended to be exclusively for the addressee. Should you
> receive this message unintentionally, please do not use the contents
> herein and notify the sender immediately by return e-mail.
> ==================================================================
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================

--
_______________________________________________________________
Greg Polanski mailto:[email protected]
ADC Telecommunications, IncMSFAX PO Box 1cell/pager
Minneapolis, MN [email protected]
_______________________________________________________________