Hi Karen,
Maybe you will find solution to your problem in this
documentation. It describes all the files to backup.
An important part of the creation of a duplicate backup is to
backup the SIC certificate (sic_cert.p12)
http://www.checkpoint.com/ngupgrade/downloads/upgrade_mgmt_srvr.pdf
After the copy of files, look at the appendix D section and do
the procedure to recover
your certificate information for SIC.
There is a mistake at the end of task 10. It should be :
<the output of the last command>/conf/sic_cert.p12 1
Sometimes after the backup you won't manage to login. If this
happens, run: fwm unload name-of-your-firewall-objects
and try to reconnect.
Hope it helps,
Yann PERRIN
Ingénieur Sécurité
NET APTITUDE S.A.S.
215 rue Jean-Jacques Rousseau
92130 ISSY LES MOULINEAUX
Mobile : 06 64 74 22 32
Tél : 01 41 09 77 73
Fax : 01 41 09 77 78
Site Internet
http://www.net-aptitude.fr
-----Message d'origine-----
De : Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] De la part de
Erickson, Karen PSC
Envoyé : vendredi 23 mai 2003 16:18
À : FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Objet : [FW-1] Problems creating NG FP3 backup
We have a Windows 2000 machine with NG FP3 in production and are trying
to create a duplicate backup to put in place in case the other ever goes
down. The gateway and management are on the same machine. I have
rebuilt the backup box 3 times as there are varying ideas about how to
create the backup machine. Each time I was not able to open the Smart
DashBoard-got an error message that the "Connection cannot be
initiated. Make sure the Server <> is up and running". It is. The
backup is a duplicate of the production machine as far as hardware,
name, IP addresses and which NIC they are associated with. So far I have
(1) moved over FW1 directory-didn't work (2) moved over FW1 and CPShared
directories-nope (3) rebuilt (because I have been told once the policy
editor is opened the certificate is created so it must be rebuilt). .
.with virgin copies of the FW1 and CPShared directories saved to
overwrite if necessary (although I do not know if this will make a
difference if once the policy editor is opened it's time to redo the
machine again). Any suggestions? I have been told what I am trying to
do may not be possible because of the certificates that are created in
NG. Thanks. Karen Erickson Office of Information Technology Public
Service Commission of Wisconsin 608-266-0038
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
