Welllll, It's not so tricky.. honest.
1. Set up the target machines as identically to the production pair as you can. Machine names, IP addresses, routes etc all need to be the same unless you're willing to do some surgery - and you wouldn't be asking the question is you were... ;-) 2. Install the same version on the SBFC product on the target boxes. 3. Copy the config directories over to the new boxes. The certs should be ok. 4. The .secretkey file holds the passphrase which is needed to unlock the private key for each cert. It is encrypted using machine specific info. You'll need to run sbfcpassphrase on each box to reset the .secretkey file (use the same passphrase that was used on the production pair otherwise it still won't be able to unlock the certs...) 5. Reboot. I've probably missed something of course.. ;-) Tom ---------------------------------------------- Tom Rowan BSc (Hons), MBCS Information Warefare Operative CCSE+, SBFC (Instructor), CCNA .. blah blah .. email: [EMAIL PROTECTED] www: http://tom.rowan.me.uk/ tel: +44 (0) 7005 980 549 ---------------------------------------------- On Sat, 2005-01-08 at 22:35 +0000, Dan Bridges wrote: > Hi Rob, > > This is no easy thing to do.... > > The certificates used for the management and synchronization of the cluster > are at best "tricky" .... > > So all the machine names need to match exactly, the interface names and > orders need to match, then it's a case of installing the product from fresh, > then copying over the $SBFCHOME/etc directory, this contains all the cert > info and the config for the cluster. > > It might also be handy to have a priest, a goat, and an altar standing by > ... > > The best way to backup one of these systems if definitely from the OS up, > like a ghost image, for testing it's probably wiser to make a whole new > config, similar to what you have live, just use the same license if its tied > to the IP. > > Good luck > > Dan Bridges > > [EMAIL PROTECTED] > > http://fixmyfirewall.com > > > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf Of Robert > Fowler > Sent: 08 January 2005 11:46 > To: [email protected] > Subject: [FW-1] StoneBeat FullCluster3 > > hi, > > does anyone know how to backup stonebeat full cluster version 3 so that I > can reinstall the software on a test box and copy in the configs. Currently > firewall modules are on Solaris. > > Also does anyone know were the gui for windows 2003 is cannot find it on > stonebeat web site > > thanks > > > > > > ___________________________________________________________ > ALL-NEW Yahoo! Messenger - all new features - even more fun! > http://uk.messenger.yahoo.com > > ================================================= > To set vacation, Out-Of-Office, or away messages, send an email to > [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
