I have included the procedure from Check Point's knowledge base on how to merge
objects and rulebases to go from 4.1 to NG FP1. There is also a procedure
that shows how to upgrade from NG to NG FP1.
Solution: How to merge objects and rules from VPN-1/FireWall-1 4.x management with VPN-1/FireWall-1 NG FP1 management (skI3948)

To merge the objects and rules from Version 4.1 to NG FP1, proceed as follows:
1. Issue 'cpstop'.
2. Copy <backup 4.1 objects.C> to $FWDIR/conf/prev_ver_objects.C
3. Copy <backup 4.1 rulebases.fws> to $FWDIR/conf/rulebases.fws
4. Copy <backup 4.1 fwauth.NDB> to $FWDIR/conf/fwauth.NDB
   (On non-Unix OS you must also copy the link file. For example, the fwauth.NDB includes only a link number, i.e. _FWNTLINK555. Find the fwauth.NDB file with the same extension, i.e. fwauth.NDB555, and copy it as well.)
5. Copy <the objects.C file coming from a clean NG FP1 installation> to $FWDIR/conf/empty_objects.C
   (basically, rename the $FWDIR/objects.C to empty_objects.C)
6. Remove (or rename) objects_5_0.C and rulebases_5_0.fws from $FWDIR/conf
7. Issue $FWDIR/bin/fw confmerge $FWDIR/conf/prev_ver_objects.C $FWDIR/conf/empty_objects.C > $FWDIR/conf/objects.C
8. Issue $FWDIR/bin/fw checkobj
   (Note: if you do not use FloodGate-1 rules/objects then ignore the errors followed by the 'fw checkobj' command)
9. Issue $FWDIR/bin/fw cpmi_upgrade
10. Download the default_objetcs.C file and copy it to $FWDIR/conf
11. Issue $FWDIR/bin/fw upgrade sp1
12. Issue 'cpstart'

To merge the objects and rules from Version 4.0 to NG FP1, proceed as follows:
1. fw confmerge_41 prev_ver_objects.C objects.C_41 >objects.C_41_merged
2. fw checkobj_41 objects.C_41_merged
3. fw confmerge objects.C_41_merged empty_objects.C >objects.C
4. fw checkobj
5. cp objects.C $FWDIR/database/objects.C
6. fw checkobj
7. fw cpmi_upgrade
8. Download the default_objetcs.C file and copy it to $FWDIR/conf
9. fw upgrade sp1
10. cpstart

Problem Description
How to merge objects and rules from VPN-1/FireWall-1 4.x
management with VPN-1/FireWall-1 NG FP1 management
NG to NG FP1
1. Issue 'cpstop'.
2. Copy <backup NG HF2 objects_5_0.C> to $FWDIR/conf/objects_5_0.C (overwriting the FP1 file)
3. Copy <backup NG HF2 rulebases_5_0.fws> to $FWDIR/conf/rulebases_5_0.fws (overwriting the FP1 file)
4. Copy <backup NG HF2 fwauth.NDB> to $FWDIR/conf/fwauth.NDB (overwriting the FP1 file)
   (On non-Unix OS you must also copy the link file. For example, the fwauth.NDB includes only a link number, i.e. _FWNTLINK555. Find the fwauth.NDB file with the same extension, i.e. fwauth.NDB555, and copy it as well.)
5. Download the default_objetcs.C file coming from a clean NG FP1 installation and copy it to $FWDIR/conf
6. Issue $FWDIR/bin/fw upgrade sp1
7. Issue 'cpstart'

----- Original Message -----
From: "Miles D. Oliver" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 03, 2002 2:38 PM
Subject: [FW-1] editing objects_5_0.C - can/should you? (fwd)
> I've gone through the upgrade process from 4.1 Sp5 to NG.. It was not
> clean at all but it is working. I've upgraded 5 or so NG boxes and this
> is the first one that has 'burped'. The others upgraded fine.
>
> The upgrade process was not happy with some of my own defined services
> so I had to revert back to 4.1, remove my own defined services and do the
> upgrade again. This was OK because it did convert my objects properly
> from what I could tell. I'd rather recreate the rulebase than add all the
> objects all over again.
>
> I could open the gui and see my policies but could not install them. I
> had to recreate my policy all over and then it would install
> properly.
>
> Now I attempt to add the FP1 upgrade (FP1/HF1/HF2) and now the GUI
> cannot connect when loading the objects, it just crashes.
>
> I determined that there were more entries in the objects_5_0.C that FP1
> did not like and now I need to remove them so that I can get the gui
> client to connect. The GUI client starts to load the objects and just
> crashes flat.
>
> What is the proper procedure for removing entries from objects_5_0.C when
> you cannot connect with a GUI, or even be able to see the services
> listed in the GUI? If I cat out the objects_5_0.C file I can see entries
> in there for them, but they don't show up when looking at them in the GUI.
>
> Also,
>
> You used to be able to recreate the rulebases.fws file with a simple fwm
> -g *.W.. This doesn't work in NG either.
>
> --
> Miles D. Oliver
> http://www.mmoliver.org
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
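
Steps 2 to 6 of the 4.1 to NG FP1 procedure above are plain file staging, and a missing backup file (or a missing fwauth.NDB link target from a non-Unix backup) is only noticed once the merge has started. The following is an added example, not part of the thread and not Check Point code: a shell function that checks every input before touching the conf directory and renames the NG files instead of deleting them. The function name, its three arguments and the .pre_merge suffix are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not Check Point code. Stages the files for steps 2-6 of the
# 4.1 -> NG FP1 merge. Run it after 'cpstop' and before 'fw confmerge'.
# Usage (argument layout is an assumption of this sketch):
#   stage_merge BACKUP_DIR CONF_DIR CLEAN_OBJECTS_FILE
stage_merge() {
    backup=$1 conf=$2 clean=$3
    # Check every input first so a missing file cannot leave conf half-staged.
    for f in "$backup/objects.C" "$backup/rulebases.fws" "$backup/fwauth.NDB" "$clean"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    # Step 4 caveat: on non-Unix systems fwauth.NDB holds only a link such as
    # _FWNTLINK555 and the data lives in fwauth.NDB555.
    link=$(LC_ALL=C sed -n 's/.*_FWNTLINK\([0-9][0-9]*\).*/\1/p' "$backup/fwauth.NDB" | head -n 1)
    if [ -n "$link" ] && [ ! -s "$backup/fwauth.NDB$link" ]; then
        echo "fwauth.NDB points to fwauth.NDB$link, which is not in the backup" >&2
        return 1
    fi
    cp -p "$backup/objects.C"     "$conf/prev_ver_objects.C" || return 1   # step 2
    cp -p "$backup/rulebases.fws" "$conf/rulebases.fws"      || return 1   # step 3
    cp -p "$backup/fwauth.NDB"    "$conf/fwauth.NDB"         || return 1   # step 4
    if [ -n "$link" ]; then
        cp -p "$backup/fwauth.NDB$link" "$conf/fwauth.NDB$link" || return 1
    fi
    cp -p "$clean" "$conf/empty_objects.C" || return 1                      # step 5
    # Step 6: rename rather than delete, so the NG files can be restored.
    for f in objects_5_0.C rulebases_5_0.fws; do
        if [ -f "$conf/$f" ]; then
            mv "$conf/$f" "$conf/$f.pre_merge" || return 1
        fi
    done
    return 0
}
```

A zero return means the conf directory is ready for step 7 ('fw confmerge'); any non-zero return happens before or during the copies and is reported on stderr.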