It's not specific to IPSO. When we brought this to Check Point's attention, we had also encountered it on Windows. We also experienced some issues with the SPLAT import as well.
As a workaround whilst Check Point were working on the new binaries, we used the backed up export utilities that are located in the backup directory that the HFA makes for backout purposes. Those worked without a problem. >From what we've seen, the new binaries are perfect. I agree with cisco4ng though, Check Point should make these publicly available as soon as possible, as it really makes tech support impossible if CP asks for a SmartCenter export. We had another issue with HFA-02 where the "vpn tu" command screws up resetting of individual tunnels if you try to reset a dynamic edge vpn tunnel with the format 0.0.0.x. It actually results in all tunnels being reset. We have also brought this to Check Point's attention and they are working on a resolution. In general though, I agree that that Check Point did not QA HFA-02 correctly. Another frustrating issue is that there is STILL no HFA for R62! Cheers Matt -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of sin Sent: 22 November 2007 02:09 AM To: [email protected] Subject: Re: [FW-1] upgrade_export is not working cisco4ng wrote: > "It seems that the upgrade tools do not work on any R65 HFA-02 version. (Any platform.) > On any R65 installation cpinfo is not working properly either. > (Which is a serious pain for support purposes.)" # cd /opt/CPsuite-R65/fw1/bin/upgrade_tools/ # ./upgrade_export 22112007 You are required to close all Check Point clients before the Export operation begins. If the export fails, stop Check Point services and run the upgrade_export command again. Press ENTER when ready.. Checking the existence of necessary files... Copying files to temp dir... Building configuration file... Compressing the files... The export operation finished successfully. # ls -lh 22112007.tgz -rw-r--r-- 1 root root 32M Nov 22 01:59 22112007.tgz # fw ver -k This is Check Point VPN-1(TM) & FireWall-1(R) NGX (R65) HFA_02, Hotfix 602 - Build 006 kernel: NGX (R65) HFA_02, Hotfix 602 - Build 006 I guess is something specific to IPSO, as the above output is taken from a "CentOS release 3.9 (Final)" which is not even supported by CP and it works qithout a quirk. Have you tried using the latest IPSO, which one week ago was: IPSO 4.2 build 069. regarding cpinfo: # cpinfo -o output_file cpinfo (I:0110): Beginning ... cpinfo (I:0116): Latest cpinfo build: http://www.checkpoint.com/techsupport/downloadsng/utilities.html#cpinfo cpinfo (I:0112): Embedding files ... cpinfo (I:0120): Output file - output_file cpinfo (I:0111): Done # ls -lh output_file -rw-r--r-- 1 root root 44M Nov 22 02:04 output_file hth, sin Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
