Hi All, >From memory, when you do an upgrade, you need to run the NG pre_verifier script on the 4.1 FW-1 management server (get this from CheckPoint in the ). The output of this script SHOULD tell you most of the issues that you need to fix first *using your 4.1 GUI*. Fix these issues before running the pre_verifier again. If you use VRRP, research whether you need to modify your settings to include IGMP. For Nokia IPSO appliances this is a requirement - CheckPoint pre_verifier will not tell you this. Once you are happy, run a script called upgrade_export. This will create the file that you will import into NGAI. I have only performed this on a clean Solaris build with a clean NGAI management server - not on the same box, as an immediate 4.1->NGAI upgrade - this was deemed less risky.
By the way, if you have firewalls between your NGAI management server and enforcement modules, you will need to investigate the extra ports that need access for the SIC channels (key management, x.509 authentication for policy pushes etc....) note. NGAI also supports the management of both NGAI and 4.1 sp6 modules with backwards compatibility mode. Hope this helps. Regards, Robert Lockwood, CISSP. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] Behalf Of Christian 'Rana' Schlegel Sent: 19 January 2005 09:09 To: [email protected] Subject: Re: [FW-1] Upgrade from 4.1 to NG AI Hi, > Hi ALl, > We are in the process of upgrading the Firewall from 4.1 to NG > Application Intelligence (Running on Sun Sparc solaris 8). I've done > some research on Checkpoint web site and phoneboy.com. According to > Checkpoint I can only upgrade from 4.1 SP5 to NG with Application > Intelligence. > If I am running a version prior to 4.1 SP5, then I need to upgrade > from that version to 4.1 SP5 and then upgrade to NG with Application > Intelligence. > How will I know which SP I am running? If I run the command "fw ver" it > just shows the build number. It doesn't show the SP version. You can find it at phoneboy: http://www.phoneboy.com/bin/view.pl/FAQs/FirewallOneBuilds > If I am > running prior to 4.1 SP5 where can I download 4.1 SP5. If I am running > 4.1 SP1 can I download SP5 and upgrade directly from SP1 to SP5. You can get ist from your reseller or from checkpoint.com under downloads if you have an appropriate usercenter account. > Once I upgrade to 4.1 SP5 can I just use the CD and choose upgrade > option to upgrade from 4.1 SP5 to NG. Sorry for so many questions? Sorry, don't know. > If someone could give some hints that would be great. > Thanks in advance. > Regards, > Rajesh. HTH Christian -- Irgendwie geht Ordnung in das Beduerfnis nach Totschlag ueber (R. Musil) Christian Schlegel - Wien/Vienna - OEsterreich/Austria ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
