Kalpesh,
1) With going to a new OS and a new version (?) and I'm guessing a new IP,
you will need to re-establish the SIC. If not changing IP, it would be
possible to do it without, but it is just easier to re-establish the SIC.
2) Yes. Just do an upgrade export and import using the utilities on CP's
website. They can be found in the downloads area under utilities. They are
pretty straight-forward.
3) Yes. A newer management station can manage older version, but not
visa-versa. (Management cannot be on FP2 and manage R55)
4) Yes, all of this is very well documented in an upgrade guide available
for R55 as well as what CheckPoint calls the "ultimate" upgrade guide,
which is focused on management. Both are located in CheckPoint's
documentation area.
5) I would make sure you get some sort of full backups of everything before
you proceed, and have a good rollback plan. It all depends upon the
environment... how long you can be down, etc.
Regards,
Matt Goddard
CCSA, MCSE, CCNA
Security Information Team
Schneider National, Inc.
"Anyone who has never made a mistake has never tried anything new." -Albert
Einstein
|---------+-------------------------------------------->
| | Kalpesh Patel |
| | <[EMAIL PROTECTED]> |
| | Sent by: Mailing list for |
| | discussion of Firewall-1 |
| | <[EMAIL PROTECTED]|
| | KPOINT.COM> |
| | |
| | |
| | 03/16/2005 12:49 PM |
| | Please respond to Mailing list |
| | for discussion of Firewall-1 |
|---------+-------------------------------------------->
>----------------------------------------------------------------------------------------------|
|
|
| To: [email protected]
|
| cc:
|
| Subject: [FW-1] Moving from NG FP2 to NG AI R55w
|
>----------------------------------------------------------------------------------------------|
Hi
Currently, I'm running Checkpoint NG FP2 on a distributed environment. The
Management Server is on a Compaq Proliant 800, running Windows 2000 and
the 2 enforcement modules are on a Nokia IP440, running IPSO. I also have
a Nokia IP120 in Paris & Munich.
I have now purchased 2 Nokia IP380's as the enforcement modules and the
Management server is going to be on a new Compaq Proliant DL360 server,
running Windows 2003. I'm still going to be using the old Nokia IP120's
(with NG FP2).
My question are as follows:
- Can I import the Internal certificate from the old management server to
the new one or is it easier to re-create the SIC.
- Can I move over the rules & Objects from the old management server to
the one? and how?
- Can I still connect the Nokia IP120's to the new management server
whilst it's still running NG FP2? I won't be able to upgrade them at the
same time.
- Also, Is there any document for this?
- Finally, Is there anything else I need to do???
Regards
Kalpesh
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
