|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Upgrade from 4.1 to NG
Hi, Can I upgrade straight to FP3 w/o having installing FP1..etc? Thanks DS -----Original Message----- From: Crist Clark [mailto:[email protected]] Sent: Wednesday, February 19, 2003 01:24 PM To: [email protected] Subject: Re: [FW-1] Upgrade from 4.1 to NG > "Fritze, Stefan" wrote: > > hi, > > i donßt want to use the upgrade function of checkpoint to upgrade the > productive system to the new version. I prefer to build up a new > management server and rebuild the configuration manual. The i install > NG as second package on our nokia that i can easy reboot the old > config if we have some trouble. I've had to do this a number of times. I wrote a custom script based on the various Check Point scripts that everyone will point you to. The attached script was actually for upgrading from 4.0 to NG FP2 on Solaris. The idea is to take the $FWDIR/conf from the old machine and dump it to some arbitrary location on the new machine. The attached script, fwmerge, is run from that directory. The "DIST" variable should be set to a directory with the unpacked Check Point package. In the script, it grabs parts from the Solaris packages. I assume the Nokia distribution is packaged differently. The cleanup script, cleanup.awk, was another script that manually made a bunch of changes that the Check Point tools couldn't handle and some other changes that I'd rather automate (it dropped a bunch of objects I didn't want anymore). A skeletal one is attached. This worked brilliantly for me, because I built it to work for my rulesets. No guarantees it will be of any use to anyone else. You will definately need to make changes for it to work on a Nokia platform, but it might be something to help you start. Definately make backups before you try it. It will probably take some trial and error to get the cleanup.awk script to handle all of the things the Check Point scripts say you have to do manually. The whole point of the script is that you can run it over and over without doing any manual clean ups in between runs. Each time you run it, you make incremental refinements until everything works correctly. I'm upgrading my last set of firewalls on Monday. Now that I am an expert on doing this, I'll probably never need to do it again, or if I do, Check Point will have changed everything enough that anything I do manage to remember or still have on hand will be useless. -- Crist J. Clark [email protected] Globalstar CommunicationsThe information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact [email protected] ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
