Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Merging two FW1 management servers

To: [email protected]
Subject: Re: [FW-1] Merging two FW1 management servers
From: BillO <[email protected]>
Date: Fri, 31 May 2002 14:00:14 -0400
References: <B265A690BF2ADFC40B402BF239A@nyexchange>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Personally I think you would be better off manually rekeying all objects and
naming them accordingly in the enterprise management server.  the other
method will work....eventually.....as the mike says.  I imagine that your
single gateway implementation is not toooo big though.  the greater the
amount of overlap in naming and ip addressing, the more likely i am to say
that manual re-entry will save you a lot of headache.

one other thing to consider is whether you have NAT and other situations
where you have specified install on ALL gateways.  you will want to go
through the existing management server and specifiy the appropriate objects
to the appropriate currently managed firewall.  THEN back everything up.
THEN key in your new firewall objects and rules again specifying everything
to the particular firewall in question.

if you back up everything appropriately, falling back to the single gateway
mode will not be a problem if you run out of time in any given moment.

good luck
----- Original Message -----
From: <[email protected]>
To: <[email protected]>
Sent: Friday, May 31, 2002 12:44 PM
Subject: Re: [FW-1] Merging two FW1 management servers


> Are the objects same name, same IP or are they same name, different IP???
>
> If your duplicate objects are same name, same IP then when you merge the
> object files together make sure you delete all duplicate entries by
cutting
> the duplicates out. BEWARE - kiddies don't do this at home.
>
> If your duplicate objects refer to different IP's then pick the firewall
> that needs the least name changing and change all those duplicate objects
to
> different names so they are no longer duplicate.
>
> Then merge your two objects.C files together.
>
> BACKUP EVERYTHING FIRST!!! BACKUP EVERYTHING FIRST!!! BACKUP EVERYTHING
> FIRST!!!
>
> And this is a shortform discussion of fwstop -> backup everything ->
fiddle
> the objects.C files and merge -> rulebase merge (see phoneboy.com) ->
> fwstart -> doesn't work - try try again -> does work - woohoo!
>
> I accept no responsibility for you not knowing what I haven't said!!!
>
> I have done this and it works - eventually - once you've ironed out the
> wrinkles.
>
> Mike H
>
> > -----Original Message-----
> > From: mandebis ably [SMTP:[email protected]]
> > Sent: Thursday, May 30, 2002 12:59 PM
> > To:   [email protected]
> > Subject:      [FW-1] Merging two FW1 management servers
> >
> > I have two sites one with a single Fw1 gateway 250 licences at remote
and
> > the second at the head office with   an Entreprise unlimited FW1
gateway.
> >   Each one of them was installed on one machine with the firewall and
the
> > management on the same machine.
> >
> > Now I would like to use the management console at the head office to
> > manage both firewalls.
> > I would like to keep the management module and the FW module on the same
> > machine at the head office.
> > I have some objects with the same naming on both firewalls.
> >
> > What are the steps to do the merge safely ?
> >
> >
> >
> <<Disclaimer>>
>
> This electronic mail is intended only for the use of the addressee(s)
named
> herein. Unless otherwise specifically stated, the views contained and
> expressed in this electronic mail are strictly those of the individual
> sender and are not the views of the Company or any of its Directors or
other
> employees. If you are not the intended recipient of this electronic mail,
> you are hereby notified that any dissemination, distribution or coping of
> this electronic mail is strictly prohibited. If you received this
electronic
> mail in error please immediately notify us by return electronic mail and
> delete this electronic mail from your system.
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- Re: [FW-1] Merging two FW1 management servers
  - From: [email protected]

Prev by Date: Re: [FW-1] VPN And NAT
Next by Date: Re: [FW-1] VPN problem
Previous by thread: Re: [FW-1] Merging two FW1 management servers
Next by thread: [FW-1] license limit
Index(es):
- Date
- Thread