Greetings, Everyone! I am a relatively new FW-1 administrator, and have been tasked with upgrading our current 4.1 setup to NG FP3. I put together a quick outline of the process I was thinking of doing, and thought I'd also run it by you all to make sure there were no real big flaws in it. Any advice would be greatly appreciated.
What I have:
2 Nokia IP530's running FW1 4.1 SP5, IPSO 3.4.1
1 Solaris Management Server, running Solaris 7 and FW1 4.1 SP5

What I would like to end up with:
2 Nokia gateways running FW1 FP#, IPSO 3.6
2 Solaris Management servers (one primary, one secondary), running Solaris 8 64-bit, and FW1 FP3

The basic process I worked out:
1) Build my spare Solaris box with Solaris 8 64-bit. Install FP3 management server to it, making it the 'primary enterprise management'.
2) Copy my objects.c from my old 4.1 management server to the new box, and do an 'fw confmerge' to merge my objects with the blank objects.c on the box.
3) Copy fwauth.ndb*/rulebases.fws from old 4.1 mgmt server to new NG mgmt server.
4) Take one of the Nokia 4.1 gateways offline. Remove the Check Point module. Install IPSO 3.6. Install FW-1 FP3.
5) Push the policy to the new Nokia gateway.
6) Cut over from the old Solaris mgmt server/Nokia gateway running 4.1 to the new FP3 stuff.
7) Rebuild the now-offline Solaris management server as a 'secondary enterprise management' server.
8) Do the same merge/copy with the objects/rulebases (see #2 & 3 above) to this server.
9) Rebuild the now-offline Nokia box (same process as #4 & 5).
10) Place my Nokia box and secondary management server on the production network.

I mostly wanted to verify that merging the objects and copying the rulebases, as I mention in #3 & #4, are the best practice for that. I could try doing an 'upgrade', but would like to leave my existing management server intact if possible (e.g., not do an 'upgrade' on it unless I have to).

Thanks for any of your advice. Please let me know if you have suggestions on a better practice for upgrading.

--------------------------------------------------------
Dave Dyk
CCNP, CCSE, MCSE, CNE
City Of Portland, Bureau of Information Technology
1211 SW 5th Ave. Suite 1180
Portland, OR 97205
(503) 823-2692 - Voice
(503) 823-9176 - Fax
[EMAIL PROTECTED]
--------------------------------------------------------
