Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [FW-1] upgrade_export

from Joe Matusiewicz [Permanent Link]
Subject: Re: [FW-1] upgrade_export
From: Joe Matusiewicz <joem AT NIST DOT GOV>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 29 Dec 2004 13:35:23 -0500 
At 02:31 AM 12/29/2004, Stig Bull wrote:

I'm upgrading from NGFP3 (IPSO and a single SPLAT box) to NG AI R55.
First to go is the management server which currently is a Windows 2000
box.

I've already upgraded the mgmt server to AI and it works fine
afterwards, but I want to get rid of Windows and install it as a SPLAT
mgmnt server instead.

Q1: So just to make sure I understand this correctly, I run an
upgrade_export and FTP the files to a server, "trash" the Windows box
and install SPLAT on it, FTP the files back and then run upgrade_import
and everything is fine again? I know this is in theory, but....?



This has worked for me.



Q2: Will this process also import all licensing information or do I need
to reinstall the licenses?



This has also worked for me.



Q3: Will I need to push the policy on the modules after upgrading, the
upgrade_guide.pdf document on p37 says this; I pushed the present W2K
R55 policy to a less important firewall, and while everything seems ok,
the following errors appears in the log:
Dec 28 13:38:34 FW [LOG_CRIT] kernel: set_timeout_to_MSPI_by_methods:
not in MSPI_by_Methods Dec 28 13:38:34 FW [LOG_CRIT] kernel:
set_timeout_to_MSPI_by_methods: not in MSPI_by_Methods Dec 28 13:38:53
FW [LOG_CRIT] kernel: FW-1: fw_runfilter: wrong number of arguments (0
!= 2) to function gtp_path_code (58) Dec 28 13:38:53 FW [LOG_CRIT]
kernel: FW-1: fw_runfilter: wrong number of arguments (0 != 2) to
function gtp_path_code (58)


I've seen the fw_runfilter error above.  Upgrading the enforcement point to
R55 gets rid of it.
I installed the policy on a backup firewall that was not on a network so I
don't know what would have happened if I put it online.

Hope this helps....


-- Joe

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [FW-1] HFA's for R55, GoddardM
Next by Date:  Re: [FW-1] HFA's for R55, Joe Matusiewicz
Previous by Thread:  Re: [FW-1] upgrade_export, GoddardM
Next by Thread:  Re: [FW-1] upgrade_export, Quick, Richard A.
Indexes:  [Date] [Thread] [Top] [All Lists]