Yesterday evening I tried to upgrade a SPLAT FW-1 NG R55 server
from HFA 8 to HFA 16. install_hfa reported success so I rebooted
the server. It booted ok but the firewall didn't work.
I found out that some of the files in /etc/fw/bin had size zero after
the upgrade. Notably fw and fwm. Luckily uninstall_hfa worked fine so
I could reboot the firewall with a working HFA 8 again.
I then tried upgrading to HFA 15, with the result being that even more
files in /etc/fw/bin had size zero. uninstall_hfa solved that also.
Lastly I tried upgrading to HFA 12, and that resulted in no zero sized
files, but the fwm file had a very small size compared to HFA 8 and
trying to run fwm caused an error. Again uninstall_hfa was my friend.
Everything seems ok now with the old HFA 8 version.
I followed the "cpstop, ./install_hfa from a /var dir, reboot" sequence
with HFA 16 and HFA 15. After doing cpstop and install_hfa with HFA 12
I didn't bother to reboot when I saw the small size of the fwm file,
I just ran uninstall_hfa immediately and then rebooted. Seemed to work fine.
All install_hfa and uninstall_hfa output reported success in every step,
no signs of trouble there.
The firewall was initially installed with SPLAT NG FP3 about 2.5 years ago,
so the /opt partition is only 500 MB compared to the 1500 MB I have in a
firewall that had SPLAT NG R55 installed from scratch.
This however didn't seem to be the cause of the problem, because there
seemed to be enough free space both before and after running the HFA 16
upgrade. Below are df -k before and after. But seeing the zero sized
files makes me guess that the size of the /opt partition is still the
problem in some way. So I believe that the only solution is to reinstall
the firewall with NG R55 from scratch?
Can someone please verify this or is it some other problem?
Below is the df output mentioned above and then output from cpshared_ver,
fw ver -k and sim ver -k from the HFA 8 version running now after the
last uninstall_hfa.
Thanks!
Before installing HFA 16:
[EMAIL PROTECTED] df -k
Filesystem 1k-blocks Used Available Use% Mounted on
/dev/cciss/c0d0p3 395122 154137 220585 42% /
/dev/cciss/c0d0p1 51342 8397 40294 18% /boot
/dev/cciss/c0d0p6 505748 367432 112205 77% /opt
none 771828 0 771828 0% /dev/shm
/dev/cciss/c0d0p5 803128 184940 577392 25% /sysimg
/dev/cciss/c0d0p7 31224188 931928 28706164 4% /var
After installing HFA 16, before rebooting:
[EMAIL PROTECTED] df -k
Filesystem 1k-blocks Used Available Use% Mounted on
/dev/cciss/c0d0p3 395122 156324 218398 42% /
/dev/cciss/c0d0p1 51342 8397 40294 18% /boot
/dev/cciss/c0d0p6 505748 398797 80840 84% /opt
none 771828 0 771828 0% /dev/shm
/dev/cciss/c0d0p5 803128 184940 577392 25% /sysimg
/dev/cciss/c0d0p7 31224188 942324 28695768 4% /var
Here is the current df, after all three install_hfa/uninstall_hfa:
[EMAIL PROTECTED] df -k
Filesystem 1k-blocks Used Available Use% Mounted on
/dev/cciss/c0d0p3 395122 154293 220429 42% /
/dev/cciss/c0d0p1 51342 8404 40287 18% /boot
/dev/cciss/c0d0p6 505748 367710 111927 77% /opt
none 771828 0 771828 0% /dev/shm
/dev/cciss/c0d0p5 803128 184940 577392 25% /sysimg
/dev/cciss/c0d0p7 31224188 1120780 28517312 4% /var
Here are current versions:
[EMAIL PROTECTED] cpshared_ver
This is Check Point SVN Foundation (R) NG with Application Intelligence
(R55) HFA_08, Hotfix 001 - Build 006
[EMAIL PROTECTED] fw ver -k
This is Check Point VPN-1(TM) & FireWall-1(R) NG with Application
Intelligence (R55) HFA_08, Hotfix 001 - Build 001
kernel: NG with Application Intelligence (R55) HFA_08, Hotfix 001 -
Build 001
[EMAIL PROTECTED] sim ver -k
This is Check Point Performance Pack version: NG with Application
Intelligence (R55) HFA_08 - Build 013
Kernel version: NG with Application Intelligence (R55) HFA_08, Hotfix 036 -
Build 001
--
Peter Olsson [EMAIL PROTECTED]
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
