[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] How is a rulebase exported?
I recently went through this upgrade, and it worked flawlessly (my problems were related to the $FWDIR/lib/control.map file). Here were the procedures supplied by Check Point Technical Support. (hint: the fw confmerge is a critical step.) Good Luck! -------------------------------- Steps to upgrade: 1. Backup the following text files (or better yet, the whole system at level zero dump): $FWDIR/conf/objects.* $FWDIR/conf/*.W $FWDIR/conf/*.pf $FWDIR/conf/*.fws $FWDIR/conf/fwauth.NDB* $FWDIR/state/*.* $FWDIR/database/*.* 2. If you are upgrading from a UNIX box to an NT box, be sure and convert the text files from UNIX ASCII to WinNT4 ASCII and then transfer them to the new box. The easiest way is to FTP from the UNIX machine to the Windows NT box in ASCII mode. 3. To transfer the user database from the old FW to the new FW, # $FWDIR/bin/fw dbexport -f outfile.txt then, C:> %systemroot%/bin/fw dbimport -f outfile.txt 4. fw confmerge obj41.C obj40.C > objects.C This merges 4.1 objects.C and 4.0 objects.C into the file objects.C. The proper procedure for performing this merge is as follows: 1. Stop the firewall (fwstop). 2. Make a backup of the $FWDIR/conf directory. 3. Copy your objects.C files into a temp directory, giving them different names (e.g. objects41.C, objects40.C). 4. Run the command 'fw confmerge objects41.C objects40.C > objects.C'. 5. Remove objects.C, objects.C.sav, objects.C.bak from $FWDIR/conf. 6. Copy the new objects.C file into $FWDIR/conf. 7. Start the firewall (fwstart). 5. See the file $FWDIR/state/local.fc for the last Security Policy installed. To rebuild the rulebases.fws: fwstop (WinNT) $FWDIR\bin\fw m -g $FWDIR\conf\<file names>.W (UNIX) $FWDIR/bin/fwm -g $FWDIR/conf/<file names>.W fwstart 6. The only objects.C file should be the one from $FWDIR/conf/ subdir. At 01:23 PM 9/28/00 +0200, Graham Leggett wrote: Hi all,
================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|