Jim,
I've had fun getting the bugs, out of our firewall-1 system, that rival your
experience here. My major lesson was to get an offline/non-production box to
work on making the software work before even coming close to the production
box. This has saved my tail from the fire numerous times.
Thanks for sharing your experience with us.
Best Regards,
===================================
Joel Eames - Data Security Analyst
Information Services
Texas Children's Hospital
(713)770-4441
[EMAIL PROTECTED]
===================================
> -----Original Message-----
> From: James Edwards [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, August 07, 2000 12:33 PM
> To: [EMAIL PROTECTED]
> Subject: [FW1] SP7 install or How I spent my Saturday
>
>
> I am running Firewall-1 V 4.0 on a Solaris 2.6 box. I installed SP 7 over
> SP 3 this weekend and the following is a transcript of the problems I ran
> into.
>
> First, the patchadd command kept failing in the prepatch stage. The error
> was completely incomprehensible as it said "<long path>/checkinstall:<long
> path>/checkinstall cannot open". I was running it as root so this took a
> while to figure out but luckily I was able to find the problem in the
> knowledge base on the Checkpoint web site. It seems that the patchadd
> command cannot handle long paths. I moved everything to a directory on
> root
> called x and everything patched very nicely, or so I thought.
>
> Second, the patch succeeded and told me to reboot. When the machine came
> back up, it tried to load the rule base and failed, saying it could not
> find
> any interfaces except loopback (lo), This consumed a good 30 minutes and
> I
> even went so far as to roll the patch back but I still had the same
> problem.
> Well, with the firewall down, I can't get to Checkpoint's web site thru
> the
> normal methods. Luckily, I had installed my home ISP on a standalone PC
> with a modem and was able to get to their web site and found the solution
> once more in their knowledge base. I had to remove the product.conf file
> and rerun fwconfig. It acts like the first time you ever set it up and
> will
> recognize all your interfaces.
>
> I then reinstalled the patch and when I rebooted this time everything was
> fine, or so I thought. I did several test from inside and outside the
> firewall and everything seemed fine so I went home
>
> However, when I got in today, I found that the file and group owners of my
> log files had been changed. I run a log grabber from another machine as a
> non-root user and this was failing. I now believe that was a result of
> running fwconfig and not the patch.
>
> Anyway, everything seems to be working now. I just thought some of you
> could benefit from my problems if you haven't done it yet.
>
> Jim Edwards
> Systems Manager
> Texas Secretary of State
>
>
>
>
> ==========================================================================
> ======
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
