Hello all, I am about to do an upgrade for a client of mine. They currently have a 4.1 FireWall-1 and they want to upgrade to NG FP3. I run the pre-upgrade verifier from CP and it reported that some objects need to be changed as expected. It also reported that it would split to two certain rules. Some of them contain resources in the "SERVICE" field so that's why they need to be split (you can not have a regular service and a resource in the same rule). The problem is that I was able to make rules similar to the ones the tool reported they would be split. It also reports that rules that have the value Long or Short in the TRACK field will be changed to Log. It only reports the first rule from each policy my clients has on his firewall. This looks like a bug to me. It makes me wonder how much should I trust the report from the pre-upgrade verifier tool. It is fine with me to report false positives, but how can I know it does not miss problematic objects? My client also has some associates that use SecuRemote SP2 to connect to the company's internal servers. Currently it is not easy to upgrade the SecuRemote clients along with the firewall, so I would like to hear comments from people who have used NG firewalls and 4.1 SecuRemote clients, what's it like in production? Any reply would help. Thanks.
-- Haris Klitiropoulos Data Communication Engineer Space Hellas S.A. ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
