You said: "At best, I would say that the documentation for .def files are lacking as to whether or not they will be overwritten. It turns out that keeping that information up to date would be quite the undertaking. Read the release notes for an HFA and follow the best practices and you'll be fine. For example in the R55 HFA 10 release notes there were changes for the PPTP stuff. It required quite a few .def mods etc. In the future if you see something that's a major change then you'll need to review previous changes to .def mods and see if it affects your installation." Now that is complete BS. With all the $$$ that everyone is paying for checkpoint software & support, the least Checkpoint could do is to get its act together. Isn't that too much to ask? cisco4ng
chkp tech <[EMAIL PROTECTED]> wrote: Greetings, The quoted text really is great information so pay attention to it. Quote> Hope that clears things up a bit. Best practice is: - Document any and all manual changes to CheckPoint files, such as .def files, .h files, .C files. - When applying a new HFA to a management station or standalone firewall, copy in the changed files, and redo your documented changes after. Keep in mind that .def files are interdependent - if you copy in one changed file, you may have to copy in others. The easy way to handle that is to say "all changed _HFA files get copied over". - On modules, .def changes obviously don't concern you. cp.macro changes won't either unless you change your licensing model. Use common sense - if you see a changed file that may be beneficial to a module, copy it over; otherwise don't. Typically and "99.9% of the time", there's no need to touch _HFA files on a module. /quote> Currently, the way that def files are handled are that Check Point says that def files will be overwritten so that if a file gets overwritten due to a new format or whatever, no one can complain that a file was overwritten. At best, I would say that the documentation for .def files are lacking as to whether or not they will be overwritten. It turns out that keeping that information up to date would be quite the undertaking. Read the release notes for an HFA and follow the best practices and you'll be fine. For example in the R55 HFA 10 release notes there were changes for the PPTP stuff. It required quite a few .def mods etc. In the future if you see something that's a major change then you'll need to review previous changes to .def mods and see if it affects your installation. Jason On 8/25/06, cisco4ng wrote: > > According to Checkpoint, when upgrading from let say HFA_17 to HFA_18 in > NG > AI R55: "ALL changes made to the INSPECT files (aka, *.def files) will be > overwritten" > > Well, that is NOT entirely true. I ran a few tests on my provider-1 > systems > and I made a few changes in the user.def file and also some changes in the > base.def > file. After upgrading from HFA_17 to HFA_18, changes in the base.def file > was > overwritten by the new HFA; however changes made to the user.def file > remains the > the same. I've tested this several times with the same result. > > Wondering if anyone in this group can confirm? If this is true, it is > telling me that > Checkpoint just sucks. How can they pull some stupid stunt like that? > > cisco4ng > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
