Firewall-1

Re: [FW-1] Firewall-1 failure after applying Solaris patches.

Subject: Re: [FW-1] Firewall-1 failure after applying Solaris patches.
From: Simon Ashford <Simon.Ashford AT NPL.CO DOT UK>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Mon, 29 Aug 2005 20:31:23 +0100
BUT: all the "best practice" advice I've seen recommends to keep
all critical systems fully patched with O/S and other software
updates.  This was the reason for using the Patch Manager utility
in the first place.

Also, presumably there will come a time when the version of Solaris
distributed with new systems will include these patches anyway...

I guess the answer to all this faff is use SPLAT instead - and
relegate the Sun box to a more suitable role (doorstop or large
paperweight for example) :-<


Cheers.


Simon Ashford.


-----Original Message-----
From: Rajeev Gupta [mailto:rgup14 AT GMAIL DOT COM]
Sent: 29 August 2005 13:48
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Firewall-1 failure after applying Solaris patches.


Hmmm..........
I wonder if you will ever get any response from Check Point or Sun? Check 
Point will go with your results and say ok if that be it, that is what it 
is. I had R54 or R55 attempts to install on Solaris 9 last week - hfa's did 
not matter - it continued to core in case I had the Recommended Patch 
cluster installed. I just completely removed the patch cluster and left only 
one patch that Check Point recommended - I got it from Check Point Support 
person who had kept it saved since eternity:-) Check Point Support kind of 
knows issues with some of the Sun patches off and on and some of the techs 
at the Support therefore save these old patches in their personal 
repositories from the time when Check Point had originally tested its 
specific release. 

Rajeev

On 8/27/05, Simon Ashford <Simon.Ashford AT npl.co DOT uk> wrote:
> 
> In answer to my own question:
> 
> It seems the following Solaris patches break Firewall-1:
> 
> 115553-19:
> 
> Causes an error during the initial Firewall-1 boot configuration:
> immediately after the first set of "Autopushing over ..." messages
> it gives "ioctl: out of streams reesources" followed by several
> screens of verbose errors starting "ap: usage..."
> 
> Backing out the patch does not fix the problem.
> 
> Revision 15 of this patch was OK.
> 
> 112963-23:
> 
> Causes SEGV and core dump on several processes started by
> /etc/rc3.d/S99cpboot.
> 
> Backing out to revision 18 fixes the problem.
> 
> This is on an E220R server, Solaris 9 64-bit, with R55 HFA-15.
> 
> These patches were downloaded automatically by the PatchPro utility.
> I guess they will also be present in the latest Recommended/Security 
> bundle.
> 
> Anyone from Sun or CheckPoint reading this and care to comment?
> 
> 
> Simon Ashford.
> 
> 
> -----Original Message-----
> From: Simon Ashford [mailto:Simon.Ashford AT npl.co DOT uk]
> Sent: 25 August 2005 15:58
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: [FW-1] Firewall-1 failure after applying Solaris patches.
> 
> 
> I recently applied the latest set of Solaris patches to our
> firewall machine (using Solaris Management Console + PatchPro).
> But it then failed on reboot - verbose "usage" diagnostics from
> (I think) the "ap" command during interface configuration,
> other FW1 commands failing with Segmentation Fault + core
> dumps.
> 
> Tried backing out the likely suspects - kernel patch, TCP patch
> and a couple of others. But made no difference so eventually had
> to restore the entire system from a backup.
> 
> Anyone else seen this? Is there a particular patch to blame?
> 
> System details: E220R server, Solaris 9, NGAI R55 HFA-13 (but
> have since installed HFA-15 - might improve things...?)
> 
> Thanks in advance.
> 
> 
> Simon Ashford.
> 
> -------------------------------------------------------------------
> This e-mail and any attachments may contain confidential and/or
> privileged material; it is for the intended addressee(s) only.
> If you are not a named addressee, you must not use, retain or
> disclose such information.
> 
> NPL Management Ltd cannot guarantee that the e-mail or any
> attachments are free from viruses.
> 
> NPL Management Ltd. Registered in England and Wales. No: 2937881
> Registered Office: Serco House, 16 Bartley Wood Business Park,
> Hook, Hampshire, United Kingdom RG27 9UY
> -------------------------------------------------------------------
> 
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
> 
> 



-- 
Rajeev Gupta
CISSP, CCMSE+VSX
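
A pre-reboot check built from the revisions reported in this thread, as an added example that is not part of the original e-mails: it reads `showrev -p` style output and classifies the highest installed revision of 115553 and 112963. The function names, the `KNOWN` table layout and the sample input (with placeholder package names) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread's authors): triage `showrev -p` output
# against the only revisions this thread gives evidence for.
# Format: patch-id:revision-reported-OK:revision-reported-broken
KNOWN='115553:15:19 112963:18:23'

# Constructed sample in the "Patch: <id>-<rev> ..." layout of `showrev -p`;
# the package names are placeholders.
sample_showrev() {
cat <<'EOF'
Patch: 112963-18 Obsoletes:  Requires:  Incompatibles:  Packages: PKGA
Patch: 112963-23 Obsoletes:  Requires:  Incompatibles:  Packages: PKGA
Patch: 115553-17 Obsoletes:  Requires:  Incompatibles:  Packages: PKGB
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: PKGC
EOF
}

# Reads showrev-style text on stdin. For each tracked patch it takes the
# highest installed revision and prints BROKEN, OK or UNTESTED (a revision
# the thread says nothing about). Exit status is 1 if any BROKEN revision
# is present, so the check can gate a reboot or a change ticket.
check_patches() {
    awk -v known="$KNOWN" '
    BEGIN {
        n = split(known, row, " ")
        for (i = 1; i <= n; i++) {
            split(row[i], f, ":")
            order[i] = f[1]; ok[f[1]] = f[2] + 0; bad[f[1]] = f[3] + 0
        }
    }
    $1 == "Patch:" && $2 ~ /^[0-9]+-[0-9]+$/ {
        split($2, p, "-")
        if ((p[1] in ok) && (!(p[1] in top) || p[2] + 0 > top[p[1]]))
            top[p[1]] = p[2] + 0
    }
    END {
        for (i = 1; i <= n; i++) {
            id = order[i]
            if (!(id in top)) continue
            rev = top[id]
            state = (rev == bad[id]) ? "BROKEN" : ((rev == ok[id]) ? "OK" : "UNTESTED")
            if (state == "BROKEN") rc = 1
            printf "%s %s-%02d (reported OK: -%02d, reported broken: -%02d)\n",
                   state, id, rev, ok[id], bad[id]
        }
        exit rc + 0
    }'
}

sample_showrev | check_patches || echo "known-broken revision installed"
```

On a live Solaris host the input would be `showrev -p | check_patches`, run after patching and before the reboot.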
