Re: [FW-1] Easy to add new firewall running NG with AI (R55 HF04) on SPL

Subject:	Re: [FW-1] Easy to add new firewall running NG with AI (R55 HF04) on SPLAT?
From:	Matthias Leu <mleu AT AERASEC DOT DE>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Tue, 28 Sep 2004 07:41:00 +0200

Alan Choyna wrote:

We have an IP440 running IPSO 3.7 and NG with AI (R55 HF4) with a
management station running SPLAT (R55 HF4).

I want to replace the IP440 with a Compaq DL580 with R55 HF4.

Is it as simple as installing SPLAT on the Compaq and copying the config
from the IP440? Or would l connect the firewall to the management server
and then push the config from the management server to the DL580?

The management server and IP440 are running live, so l'm concerned as to
how l would do this without impacting the live system.

Your advice is appreciated.

Alan


Alan C. Choyna
Senior Consultant

Pathfinder Associates, LLC

<http://www.pathfinderassoc.com/>http://www.pathfinderassoc.com
Internet Strategy Business Consultants
<mailto:achoyna AT pathfinderassoc DOT com>mailto:achoyna@pathf<mailto:achoyna AT 
pathfinderassoc DOT com>.com


Business telephone (312) 372-1058. Mobile (773) 255-6662

Hi,
since the configuration itself is on the Management Server, you only
need a few steps to build a new Firewall if not changing its IPs. Your
productive Firewall might run as usual first.
- Install SPLAT
- Install NG AI Enforcement Point
- Install Hotfix Accumulator
- Give an Authorization Key for first connection between Management and
Firewall
On the Management Server, you need to reset the SIC for this object.
Here you will be asked to type the Authorization Key for the Enforcement
Point.
Disconnect your productive Firewall from the Management Server (cable).
It will work as normal if you have your Management in a separate DMZ,
but you won't get logs transferred to the Management Server. Then
connect the new Enforcement Point, initiate SIC and install your
rulebase. If there are no errors, switch the 'productive' cables to this
new Firewall afterwards. If it fails, just switch back to your old Firewall.
Hope it helps,
best regards,
Matthias
http://www.fw-1.de
--
AERAsec Network Services and Security GmbH
Wagenberger Strasse 1
D-85662 Hohenbrunn, Germany
http://www.aerasec.de

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] Easy to add new firewall running NG with AI (R55 HF04) on SPLAT?, Alan Choyna Re: [FW-1] Easy to add new firewall running NG with AI (R55 HF04) on SPLAT?, Matthias Leu <=

Previous by Date:	[FW-1] Easy to add new firewall running NG with AI (R55 HF04) on SPLAT?, Alan Choyna
Next by Date:	[FW-1] Multi-CPU support Stonebeat HA or not ?, Kingsley Chu
Previous by Thread:	[FW-1] Easy to add new firewall running NG with AI (R55 HF04) on SPLAT?, Alan Choyna
Next by Thread:	[FW-1] Multi-CPU support Stonebeat HA or not ?, Kingsley Chu
Indexes:	[Date] [Thread] [Top] [All Lists]