Hi All, I thought I'd share my upgrade experience with you all. Last night, I upgraded my FW1 4.0 SP5 to 4.1 Solaris 2.6 Further more, I run Websense v3.11 and eSafe v2.1/99 on a seperate NT 4.0 SP5 box. Cliff Notes version of the below story: Run the InstallU GUI installation program (/cdrom/cp*/InstallU). The Story: -- After spending a day and a half consolidating all the upgrade info from this list, from CP, from the README and the book that came with v4.1 CD, etc... I sat down to do my upgrade. What I failed to notice earlier is that the book actually provides two ways of upgrading: command line using pkgadd and a GUI (InstallU). Well, the README and other literature must ASSUME the InstallU patch of installation. By now, you may have guessed that I choose the command line pkgadd option. I ran pkgadd. Here's what I remember from installing CKfw1-41: - it sensed that I had an earlier version of FW1, would I like to upgrade. I said yes - it prompted me for my key. I mistyped my key, so that failed - because this installation had not asked me if I wante d to save my 4.0 installation, and it had not asked me if I wanted to install backward compatibility -- I figured something was wrong. It continued... - Wait! now the installation knows that I am a FW user. Hmmm...that's good... Do I wish to add others? I say no. - Now it prompts for remote mngmnt. clients. It retained my IP address of my PC. Great. Now fw1 attemts to start, but errors because I am limited to 25 hosts. I try to run "fw putlic", but that fails with this error: "cplic_init: cannot read cacro file /opt/CKPfw/bin/./../conf/cp.macro Failed to add license: License Invalid" Uuuuugh!!! I've come this far. Time to destroy the GUI. pkgadd -d . for the CPgui-41 - this also noted a previous installation - not much else to add here. I tried to run the GUI, and got many errors. Now what? Run the "InstallU" installation GUI program. Hey, why not make the most of my already wasted evening? I run /cdrom/cp*/InstallU - accept license agreements, etc. - It prompts for software to install. I choose FW1/VPN1 - It notes that I already have this version installed. Do I wish to overwrite this and keep my settings? Yes, PLEASE - It asks me if I would like to install backward compatibility. I say NO, as directed in CP's readme files if you upgrade - It installs - I follow similar prompts for the OpenLook GUI I reboot when prompted. FW fails since 1) the security policy isn't usable (last compiled under 4.0), my license is still invalid. I run fw putlic now. I works! FW1 starts, but fails to apply policy (still a 4.0 compilation). I try to start the OpenLook GUI. I get a library error? I still haven't fixed this. I run to my PC, install the 4.1 Management pkg (aka Policy editor, Log Viewer, etc.). It connects! My rulebase is there? My firewall object is already marked as a 4.1 module/firewall. I install the rulebase. It works! I still need to install the Hot Fix (41603), but one at a time -- right? If anyone has any questions, let 'em fly! Thanks -- Chris __________________________________________________ Do You Yahoo!? Send instant messages with Yahoo! Messenger. http://im.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
