R55 can do that too. But the problem is exactly when I run mds_restore.
Properties from Sofaware were not restored because they were not installed
on initial installation. With fresh installation, R55 was able to manage
VPN-1 Edge appliances in tests that I have made.
I don´t know if restoring the backup in NGX it will have different behavior.
In fact, I have to verify how ESS for Provider-1 is.
Tks.
Gustavo.
_____
De: cisco4ng [mailto:cisco4ng AT yahoo DOT com]
Enviada em: quarta-feira, 15 de fevereiro de 2006 15:43
Para: Mailing list for discussion of Firewall-1
Cc: gustavo.vianna AT COMSAT.COM DOT BR
Assunto: Re: [FW-1] RES: [FW-1] Provider-1 CMA Migration
Gustavo,
Can you do this:
1) Perform an mds_restore on the new provider-1,
2) upgrade it to NGx R60A,
3) I've been told by Checkpoint that with this method, you will be able to
manage
VPM-1 Edge device from Provider-1 NGx R60A
Gustavo Vianna <gustavo.vianna AT COMSAT.COM DOT BR> wrote:
You are right! Using mds_backup / mds_restore scripts I have already done in
the same way that you described and worked fine. But there is a fact that I
forgot to mention. The current installation is based on a lot of updates...
NG FP1, FP3 and now NG+AI R55. The problem is that with this old
installation I can´t manage VPN-1 Edge devices from Provider-1. There is no
support in current Provider-1 installation. So a fresh R55 installation was
the solution for this issue. I don´t know if there is another way to do
that... suggestions?!
Thanks,
Gustavo.
_____
De: cisco4ng [mailto:cisco4ng AT yahoo DOT com]
Enviada em: quarta-feira, 15 de fevereiro de 2006 13:44
Para: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Cc: gustavo.vianna AT COMSAT.COM DOT BR
Assunto: Re: [FW-1] Provider-1 CMA Migration
Hi Gustavo,
You are killing yourself with migration. Based on what you've stated below,
because
no changes in IP and everything is the same, just the hardware change. If
that is
the case, you need to do the following:
On the old Provider-1 box:
1) mdsenv
2) mdsstop
3) mkdir /var/backups
4) cd /var/backups
5) mds_backup
6) scp everything from the /var/backups directory to an ftp server
7) shutdown the old provider-1 box (to ensure there will be NO ip conflicts)
On the new Provider-1 box:
1) turn it on
2) install Provider-1 software on this box with the same HFAs as the old
one,
3) mkdir /var/backups
4) download everything that uploaded earlier to the ftp server,
5) mdsenv
6) mdsstop
7) cd /var/backups
8) mds_restore
Everything will work without SIC reset. What you can NOT is to do an
mds_restore
on solaris with backup from a Provider-1 SPLAT and vice versa. Between
solaris and
solaris or SPLAT and SPLAT, it will work like a charms. I've done this many
times
with no issues.
That's it.
have fun....
cisco4ng
Gustavo Vianna wrote:
Hi All,
I have a Provider-1 R55 HFA-17 on a Solaris 9 machine and I am trying to
migrate the CMAs to another machine (Solaris 9 - fresh installation). I have
trying all procedures described on documentation ( migrate_assist,
cma_migrate / no IP changes ) and the migration seems to be ok. But when I
start the CMA, all gateways can not communicate with Provider-1. SIC can not
be established, even if I reset both smart center and gateway´s SIC. It
seems to be an internal certificate problem, but I don´t know how to solve
that. Documentation says that if I don´t have CMA´s IP change, everything it
will work fine without the need to reset SIC.
Has anybody already got that kind of problem?
Thanks,
Gus.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
_____
What are the most popular cars? Find out at Yahoo!
wNtYWlsdGFncwRzbGsDMmF1dG9z/*http:/autos.yahoo.com/newcars/popular/thisweek.
html%20%0d%0a> Autos
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
_____
Yahoo!
<http://us.rd.yahoo.com/evt=38381/%20ylc=X3oDMTEzcGlrdGY5BF9TAzk3MTA3MDc2BHN
lYwNtYWlsdGFncwRzbGsDMWF1dG9z/*http:/autos.yahoo.com/index.html%20> Autos.
Looking for a sweet ride? Get pricing, reviews, & more on new and used cars.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
