|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] disturbing experience upgrading to HF2
Daniel, word from the field: Never install hotfixes on top of hotfixes. We have had recurring issues with installing an HFA on top of HF1 or HF2 or on top of an HFA, despite what the release notes say. Go from FP3 straight to HFA-315 (latest stable, it seems ... or whatever is "latest stable" at that point in time). When you have to upgrade: - Uninstall FW1 HFAx - Uninstall CPShared HFAx - Reboot - Install CPShared HFAnew - Install FW1 HFAnew - Reboot - On Mgmt: Redo all .def changes that were previously applied - On Nokia Module: Redo all modzaps that were previously applied (you do have docs, right? :) - On Nokia Module: cprestart or, if worried about VRRP Coldstart Delay, reboot Regards Shawn Behrens Integralis/Activis Managed Security Services 111 Founders Plaza East Hartford, CT 06108> -----Original Message----- > From: Daniel Samaan [mailto:[email protected]] > Sent: Wednesday, August 13, 2003 4:36 PM > To: [email protected] > Subject: [FW-1] disturbing experience upgrading to HF2 > > > All of my NG installs have been NG FP3, HF2 and maybe a > HFA308 on Nokia > platforms in a distributed environment. Today I build Win2k > Cluster using > ClusterXL, and FP3. > > Everything was fine, established SIC, pushed and ANY ANY > policy...no big > deal right. Here are the steps I did that caused a few problems > > I upgraded the Win2k mgmt station and gui client to HF2 > rebooted mgmt station > installed HF2 into the SmartUpdate repository. > Attempted to deploy SVN HF2 to my standby firewall and it just > timed-out. I went to test SIC and it could not connect to > the peer was > the error. I looked at the SIC tab on the FW module and > the CA's IP > address was not the mgmt station, but the cluster IP > address. So after > playing around with doing a SIC reset I got SIC > restablished and still > could not push HF2 to the firewall. > I tried it on the active firewall and still could not push > HF2; however > SIC was OK. > I then just install HF2 locally on each firewall and > that's when even > got worse. SIC could not get established, it was inconsistent when > pushing policy. > So I deleted the cluster object and re-created it and it > seems to be OK. > > Is this normal for Win2k cluster deployments and HF upgrades? > > I can't wait to test SecurePlatform.... > > [email protected] > > > -------------------------------------------------------------- > ------------------------------------------------------ > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom > they are addressed. > If you have received this email in error please notify the > originator of the message. This footer also confirms that this > email message has been scanned for the presence of computer viruses. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > Please note that: 1. This e-mail may constitute privileged information. If you are not the intended recipient, you have received this confidential email and any attachments transmitted with it in error and you must not disclose, copy, circulate or in any other way use or rely on this information. 2. E-mails to and from the company are monitored for operational reasons and in accordance with lawful business practices. 3. The contents of this email are those of the individual and do not necessarily represent the views of the company. 4. The company does not conclude contracts by email and all negotiations are subject to contract. 5. The company accepts no responsibility once an e-mail and any attachments is sent. http://www.integralis.com ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
