Re: [FW-1] Question About Upgrade Procedure

[Wally Hughes <one_horseman@FW1-NOSPAMYAHOO.COM>]

Sandra,
The method I used when doing something
similar (FW1-4.1 on HPUX) was to create the new
environment completely on first a test network, then
we had the luxury moving to a new
network (different internet IPs and intranet IPs).
So, there were no conflicts with hostnames, IP
addresses, etc.
Also, in doing the merging of the object files
I ended up having to delete the old firewall
objects and create new ones anyway. The new
firewall object of course will be a different
release and you'll use a different method
to ensure communication (not fwputlic) between
the management server and enforement point.
Also had some problems/issues with checkpoint's
procedures for doing all this and spent alot
of time on the phone with support with Nokia.
If possible, you'd be better off to recreate
the objects and policy. If there are too many
objects, then do the merge for that, but
definitely recreate the policy files anew (from the
new
gui, which I think is what you mentioned below).

Wally Hughes
--- Sandra Iveth Amador Garcia
<sandra.amador@ISF.COM.MX> wrote:
> Hi guys and girls:
>
> I have a customer using a stand alone installation
> on a solaris machine,
> using Checkpoint 4.1, and we are going to migrate,
> in first place, to a
> distributed installation and after to the last
> version to checkpoint, i
> mean AI. We have a new microsoft server for the new
> smartcenter server,
> so the point is to preserve the actual management
> console and firewall
> still the new firewall (Nokia IP330) and management
> server have all the
> configuration (objects, policy package, etc)
> previously loaded and
> installed.
>
> I have been looking for a procedure and tools to do
> it, and apparently
> the best way to do this is the next:
>
> 1) Install NG FP1 in the new smarcenter server
> 2) Upgrade the 4.1 objects.c file to NG
> 3) Merge the 4.1  objects.c file and the objects.c
> file of the new
> management server. (usual named empy_objects)
> 4) Replicate the policy package in the new
> management server
> 5) Install the policy.
>
> 6) Finally upgrade the bundle (smart center an new
> firewall) to AI
>
> PD.- The issue is, has anyone test somethong similar
> to this without
> problem with both management servers objects in the
> same file ????
>
>
> Regards
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV@amadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner@ts.checkpoint.com
> =================================================


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================