[FW-1] Finally but still far from ....
Hi guys,

Ok. I have simulated a 4.1 to NG upgrade on Solaris 8 (SPARC). There are things that I noticed during the upgrade. I actually used 2 procedures. I used and compared Checkpoint's Solution ID: skI3948 and http://www.fw-1.de/aerasec/41-ng/. They are almost identical. The only difference is that the link above tells me to uninstall 4.1.

Anyways, here are the things that I noticed:

1. If you are using a Policy with a filename other than Standard, once you run Policy Editor NG and load the rules, you will not see any rules. Not even Address Translation. But good thing, you will see just the firewall object. :-) This is not what we wanted, right? So now, how do we upgrade in a way that will use our customized policy named (ex. Restricted.W)?

2. If you are using a default Policy Name, say Standard, loading of rules can be seen, but here is what happened to me.

   1. http://restricted.dyndns.org/ng/screen1.gif
      I am assuming that this is ok since Checkpoint tells us that VPN-1/FireWall-1 loses its states after an upgrade. Refer to page 87 of Getting Started.pdf. To fix this, I must install the Security Policy.

   2. http://restricted.dyndns.org/ng/screen2.gif
      I am glad the rules were imported, which means that I had a successful fw confmerge. :-) But I was wondering why I got another object named fw1gateway. I didn't create this object when I was in 4.1. That name is only defined in my /etc/hosts file. This object didn't contain anything when I opened it, just the IP address. Btw, in my /etc/hosts file, fw1gateway is 192.168.1.100 and gateway-ext is 65.192.117.95.

   3. http://restricted.dyndns.org/ng/screen3.gif
      Just somewhat similar to my previous explanation.

   4. http://restricted.dyndns.org/ng/screen4.gif
      After all 2 days of different simulations, this is what I got. :->

The long version of the error is:

-------------snipped-----------------
The Anti-Spoofing feature is not configured for object fw1gateway.
This will allow address spoofing through this gateway.
add_ca_cert_hash: failed corrupt internal_ca object
add_ca_cert_hash: failed corrupt internal_ca object
Starter_Network1.W: Security Policy Script generated into Starter_Network1.pf
Starter_Network1:
Compiled OK.
Installing VPN-1/FireWall-1 policy On: fw1gateway ...
VPN-1/FireWall-1 policy installation failed for module fw1gateway...
Reason: Load on module Failed - No memory
VPN-1/FireWall-1 policy installation completed with errors
VPN-1/FireWall-1 policy installation Failed for: fw1gateway
Segmentation Fault - core dumped

Any help will be appreciated. Please :-)

Neil

neil camara ([email protected]) - cc{na|sa}, mcse - pgp 0x777777B2
network/security engineer - dl := +1(847)2.21.0.224 cn := +1(847)9.80.17.53
echo "I love windows" | sed -e 's/wi/u/g' | cut -f1 -dd | \
awk '/u/ {printf("%s %s %six\n",$1,$2,$3)}'