Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [FW-1] Checkpoint Provider-1 MDS, please help

from Martin Hoz [Permanent Link]
Subject: Re: [FW-1] Checkpoint Provider-1 MDS, please help
From: Martin Hoz <martinhoz AT GMAIL DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Sat, 11 Feb 2006 08:15:46 -0600 
On 2/10/06, cisco4ng <cisco4ng AT yahoo DOT com> wrote:
>
>   I would like to upgrade the MDS infrastructure from HFA_318 to HFA_327.
> The problem is that on about 200 CMAs, we have made a lot of changes in
> the user.def, base.def, etc... Furthermore, we've also made lot of changes
> with dbedit and/or gui-dbedit with these CMAs.  If I am not mistaken,
> when upgrading from HFA_318 to HFA_327, a lot of these settings will be
> overwritten by the HFA.  If that is true, then I will be in big trouble.
>   Is there a way to upgrade my MDS infrastructure from HFA_318 to HFA_325
> without losing the settings for each of my CMAs?  I don't know if I can
> back up ALL 250 CMAs individual settings.  Furthermore, how can I verify
> that ALL of my settings remain after the HFA upgrade?  In other words, is 
> there
>   a safe way to do this?
>

I think that this calls for a procedural approach rather than a
technology approach....

If you were on Intel, my advise would be to have a QA scenario using
VMWare: upgrade on your virtual machine and then perform diffs on a
couple of CMAs where you have changes to see if they how they were
processed.

On your situation, taking a look on your change management
documentation (I assume you do have change management on such a big
scenario with 200 CMAs) would be  good to isolate what CMAs have
changes and deal with those case by case.

Using diff files now (since you are using Solaris), seems to me the
most automated approach available. First compare a current unmodified
.def file (with HFA318) against a .def file that has been modified.
You may script this looking under the customers directory (shell
scripting is your friend here), that way you will know exactly where
and what was modified..

In any case, doing all this on a QA scenario seems very wise to me on
your situation...

Good luck,

- Martín

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [FW-1] Importing configurations from temporary SmartCenter to existing SmartCenterserver., Martin Hoz
Next by Date:  Re: [FW-1] AW: [FW-1] Changing Hardware R60 SC and Modules, Martin Hoz
Previous by Thread:  [FW-1] Checkpoint Provider-1 MDS, please help, cisco4ng
Next by Thread:  Re: [FW-1] Checkpoint Provider-1 MDS, please help, chkp tech
Indexes:  [Date] [Thread] [Top] [All Lists]