Greetings, The quoted text really is great information so pay attention to it.
Quote> Hope that clears things up a bit. Best practice is: - Document any and all manual changes to CheckPoint files, such as .def files, .h files, .C files. - When applying a new HFA to a management station or standalone firewall, copy in the changed files, and redo your documented changes after. Keep in mind that .def files are interdependent - if you copy in one changed file, you may have to copy in others. The easy way to handle that is to say "all changed _HFA files get copied over". - On modules, .def changes obviously don't concern you. cp.macro changes won't either unless you change your licensing model. Use common sense - if you see a changed file that may be beneficial to a module, copy it over; otherwise don't. Typically and "99.9% of the time", there's no need to touch _HFA files on a module. /quote> Currently, the way that def files are handled are that Check Point says that def files will be overwritten so that if a file gets overwritten due to a new format or whatever, no one can complain that a file was overwritten. At best, I would say that the documentation for .def files are lacking as to whether or not they will be overwritten. It turns out that keeping that information up to date would be quite the undertaking. Read the release notes for an HFA and follow the best practices and you'll be fine. For example in the R55 HFA 10 release notes there were changes for the PPTP stuff. It required quite a few .def mods etc. In the future if you see something that's a major change then you'll need to review previous changes to .def mods and see if it affects your installation. Jason On 8/25/06, cisco4ng <[EMAIL PROTECTED]> wrote:
According to Checkpoint, when upgrading from let say HFA_17 to HFA_18 in NG AI R55: "ALL changes made to the INSPECT files (aka, *.def files) will be overwritten" Well, that is NOT entirely true. I ran a few tests on my provider-1 systems and I made a few changes in the user.def file and also some changes in the base.def file. After upgrading from HFA_17 to HFA_18, changes in the base.def file was overwritten by the new HFA; however changes made to the user.def file remains the the same. I've tested this several times with the same result. Wondering if anyone in this group can confirm? If this is true, it is telling me that Checkpoint just sucks. How can they pull some stupid stunt like that? cisco4ng
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
