Don't forget the fw putkey with the new master.
Also, when you are done with the cut over, you should fwstop, go to the
$FWDIR/conf directory and, depending on the version of CP (in 4.0 rename
product.conf to something else and in 4.1 rename it to inst.conf). Then run
fwconfig for 4.0 or cpconfig for 4.1 to reconfigure your gateway,
so that it acts as a gateway only (i.e. select distributed installation).
Reboot, push policy, maybe exchange keys again and you are up and spinning.
Of course, you don't have to do all that if you don't want to, but it might
prevent you from certain exploits especially in 4.1 SP1 and 4.0 before SP7
(or maybe it was SP8).
Cheers.
George
-----Original Message-----
From: Roelandts, Guy [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 05, 2001 3:12 AM
To: 'Dias, Mario (Bolton)'; '[EMAIL PROTECTED]'
Subject: RE: [FW1] CheckPoint FW-1- Moving a Management Server
Mario,
I have done this yesterday to test, between two Windows NT Management
Servers. But Windows 2000 should be fine too.
Here are the steps I did to make everything work; note that we have no
Solaris box (not yet installed) but the Firewall modules are WinNt, W2K and
a Linux box.
1. Installation :
Install the Management Server with the exact same versions of CP software.
2. On the Management Server :
* Copy the $FWDIR/conf/objects.C file
* Copy the $FWDIR/conf/*.W files
* Copy the $FWDIR/conf/*.pf files
* Copy the $FWDIR/conf/rulebase.fws file
* Copy the $FWDIR/conf/fwauth.NDB* files
* Copy the $FWDIR/conf/fwmusers file
* Copy the $FWDIR/conf/gui-client file
* Copy the $FWDIR/conf/fwauth.keys file
* Copy the $FWDIR/conf/serverkeys.* files
3. To move the Firewall Modules from old to new Management Server :
* Tell the new Management Server what its Firewall Modules are; add them one by one
* Tell the Firewall module that its Management Server has changed: on Nt & W2k go to the CheckPoint Configuration -> Masters tab, on Linux run $FWDIR/bin/cpconfig -> option (2) Masters
* When exiting the CheckPoint Configuration screen you are asked to restart, proceed.
* When restarted, most of the time, logging and policy downloads will still fail; go to the $FWDIR/state directory and remove all local.* files (except the local.arp), then simply fwstop and fwstart the Firewall Module again
Hope this helps.
Met vriendelijke groeten - Bien a vous - Kind regards
Guy ROELANDTS
EMEA GS Internet Expertise Centre
Compaq Software Engineer - Belgium
E-mail : [EMAIL PROTECTED]
Tel: +32(02)729.77.44 (options 3 - 3 - 1)
Fax: +32(02)729.77.65
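
Step 2 of the message above, as an added example that is not part of the original thread: a POSIX shell helper that copies exactly the listed files into a private staging directory, reports any that are missing, and writes SHA-256 checksums so the copy can be verified on the new Management Server. The function name `stage_mgmt_conf` and the staging layout are hypothetical, and `sha256sum` is assumed to be available.

```shell
#!/bin/sh
# Added example, not from the thread: stage the files from step 2 for transfer.
# stage_mgmt_conf is a hypothetical helper name.
# Assumes a POSIX shell and sha256sum (GNU coreutils) on the machine running it.

# File names and patterns exactly as listed in step 2 of the message.
MGMT_PATTERNS='objects.C *.W *.pf rulebase.fws fwauth.NDB* fwmusers gui-client fwauth.keys serverkeys.*'

# Usage: stage_mgmt_conf <conf_dir> <staging_dir>
# Exit status: 0 = every pattern matched, 1 = something missing, 2 = error.
# The body is a subshell so umask and 'set -f' do not leak into the caller.
stage_mgmt_conf() (
    conf_dir=$1
    out_dir=$2
    [ -d "$conf_dir" ] || { echo "not a directory: $conf_dir" >&2; exit 2; }
    # fwauth.keys and serverkeys.* are key material: a newly created staging
    # directory and its checksum file must not be readable by other users.
    umask 077
    mkdir -p "$out_dir" || exit 2
    set -f                      # keep the patterns literal while splitting
    set -- $MGMT_PATTERNS
    set +f
    missing=0
    for pat in "$@"; do
        found=0
        for f in "$conf_dir"/$pat; do   # glob expands here, per pattern
            [ -f "$f" ] || continue
            cp -p "$f" "$out_dir/" || exit 2
            found=1
        done
        if [ "$found" -eq 0 ]; then
            echo "MISSING: $conf_dir/$pat" >&2
            missing=$((missing + 1))
        fi
    done
    # Checksums are written beside the staging directory so the copy can be
    # verified after transfer with: sha256sum -c
    ( cd "$out_dir" && sha256sum ./* ) > "$out_dir.sha256" || exit 2
    echo "staged $(wc -l < "$out_dir.sha256") file(s), $missing pattern(s) missing"
    [ "$missing" -eq 0 ]
)
```

Run it as `stage_mgmt_conf "$FWDIR/conf" /some/staging/dir`, then check the copy from inside the transferred directory with `sha256sum -c` against the `.sha256` file written beside it.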
-----Original Message-----
From: Dias, Mario (Bolton) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 03, 2001 6:50 PM
To: '[EMAIL PROTECTED]'
Subject: [FW1] CheckPoint FW-1- Moving a Management Server
Our infrastructure:
Two Checkpoint FW-1 version 4.1 installed on a Sun Solaris and on a
Compaq NT 4.0. The management server currently sits on the Sun box. We would
like to move the management server to another NT box.
- Can the Management server run on Windows 2000?
- What are the procedures (documentation) for moving a management
server?
Thank you in advance,
Mario Dias
HUSKY Corporate I.T.
530 Queen Street, South
Bolton, Ontario, Canada
L7E-5S5
P - 905.951.5000 (2376)
F - 905.951.5142
Web: www.husky.ca
Email: mailto:[EMAIL PROTECTED]
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================