Sorry for this longish post, but l have an upgrade problem, and want to
give you all information so you can better know my situation.
I have read that you can successfully upgrade from 3.0b to 41.1 SP2 as long
as you upgrade via 4.0 SP5, which is what l have done.
Whilst l can now compile the ruleset and load it using the command line, l
cannot access the rules/objects via the GUI (version 4.1 on an NT PC).
Since we cannot verify via the GUI that the rules/objects/NAT are ok after
the upgrade l cannot continue with the upgrade.
Everything seems fine until you try to access the Rule Editor with the GUI.
The Nokia boots up fine, and when you start FW-1 (fwstart) both the
firewall and firewall manager processes start fine, and the ruleset which l
created via the command line (fwm -g ruleset.W) is found and loaded
successfully.
I am fairly sure that we installed the GUI correctly on the NT PC, and that
we have configured new box correctly to allow the PC as a valid GUI host.
It seems to timeout whilst trying to load the rules, and hangs the GUI,
leaving the NT CPU running at 100%. (even after l set the timeout option
fw_comm_tout to 90 seconds).
We only have 36 rules (which l will cut down to 15 or so, after all is
well) and about 100 objects, so l don't think the size of either is causing
the GUI to hang.
The funny thing is that we were able to bring the rules/objects up
correctly once via the GUI. The Rules and Objects looked fine, but we could
not save or load changes from it (times out and hangs the Policy editor,
CPU to 100%). Since then, we have had no success in bringing up the
rules/objects again on the GUI.
We loaded 3.0b onto a friends Nokia IP330 and then copied the solaris 3.0b
conf, database and state directories into $FWDIR. We then upgraded to 4.0
SP5, and then upgraded again to 4.1 SP2.
Phoneboy mentions to migrate from 3.0b -> 4.0 SP1 -> 4.0 SP5 -> 4.1 SP2, so
l'm wondering if this is the problem.
This has me stumped and l am not just trying to save the time of manually
adding all of the rules, objects and NAT to the IP440, l want to do it to
avoid transcription errors. Your help and advice would be truly appreciated.
Have l missed some steps? Any clues? Has anyone done this before?
thanks in advance,
Alan.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
